Skip to content

MASTG-TECH-0063: Setting up an Interception Proxy

Burp Suite is an integrated platform for security testing mobile and web applications. Its tools work together seamlessly to support the entire testing process, from initial attack-surface mapping and analysis to finding and exploiting security vulnerabilities. Burp Proxy operates as a web proxy server for Burp Suite, which is positioned as a Machine-in-the-Middle (MITM) between the browser and web server(s). Burp Suite allows you to intercept, inspect, and modify raw HTTP traffic to and from your target.

Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your iOS device and host computer are connected to a Wi-Fi network that permits client-to-client traffic. If client-to-client traffic is not allowed, you can use usbmuxd to connect to Burp via USB.

PortSwigger provides a good tutorial on setting up an iOS device to work with Burp and a tutorial on installing Burp's CA certificate to an iOS device.

Using Burp via USB on a Jailbroken Device

In Accessing the Device Shell, you can learn how to use iproxy to use SSH via USB. When performing dynamic analysis, it's helpful to use an SSH tunnel to route our traffic through Burp, which is running on our computer. Let's get started:

First, we need to use iproxy to enable SSH from iOS to connect to localhost.

$ iproxy 2222 22
waiting for connection

The next step is to enable remote port forwarding on the iOS device, mapping port 8080 on the iOS device to the localhost interface on our computer on port 8080.

ssh -R 8080:localhost:8080 mobile@localhost -p 2222

You should now be able to reach Burp on your iOS device. Open Safari on iOS and go to 127.0.0.1:8080, and you should see the Burp Suite Page. This would also be a good time to install the CA certificate of Burp on your iOS device.

The last step would be to set the proxy globally on your iOS device:

  1. Go to Settings -> Wi-Fi
  2. Connect to any Wi-Fi (you can literally connect to any Wi-Fi, as the traffic for ports 80 and 443 will be routed through USB, as we are just using the Proxy Setting for the Wi-Fi, so we can set a global Proxy)
  3. Once connected, click on the small blue icon on the right side of the connected Wi-Fi
  4. Configure your Proxy by selecting Manual
  5. Type in 127.0.0.1 as Server
  6. Type in 8080 as Port

Open Safari and visit any webpage. You should see traffic in Burp. Thanks @hweisheimer for the initial idea!

Tests

MASTG-TEST-0236: Cleartext Traffic Observed on the Network