iOS HTTPS traffic to Burp and Wireshark

[Dewhurst Security]

Hi,

So I have an un-rooted iOS 8.1.3 iPhone. As far as I'm aware there is no jailbreak for this version of iOS as yet.

I wanted to attempt to intercept HTTP/HTTPS traffic from one of the device's apps.

Steps I have taken:

1. Export Burp's certificate and install it onto the device.

2. Set the device's proxy settings to use Burp (which is listening on all interfaces).

This mostly works but Burp (latest and an older version I tried) is acting strange, it shows the full request in the HTTP history including GET parameters but then disappears almost immediately.

Looking at the Proxy site map just shows the requests greyed out without any GET parameters.

My idea was then to use Wireshark (v1.99.2) to see the traffic. I have tried to install Burp's private key into Wireshark but the HTTPS traffic doesn't get decrypted.

I also tried to convert Burp's exported private key into the format Wireshark expects:

$ openssl pkcs8 -nocrypt -in der.key -inform DER -out pem.key -outform PEM

This didn't work either.

Any ideas on how I can fix Burp or make Wireshark decrypt the SSL traffic using Burp's certificate? Maybe I'm missing something obvious....

Thanks,

Ryan

[Dewhurst Security]

Used OWASP ZAP in the end which wasn't affected by the "disappearing HTTP request logs" issue. Must have been a Burp specific bug.

[Andi Pannell]

Ryan,

Out of curiosity. What version of Burp are you using? 

[Dewhurst Security]

Latest (1.6.12) and also tried with the previous version (1.6.11)

Ryan Dewhurst

BSc Ethical Hacking for Computer Security, CCNA

Tel: +33 695 321 773

www.dewhurstsecurity.com

--
You received this message because you are subscribed to the Google Groups "OWASP Mobile Top 10 Risks" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-mobile-top-1...@owasp.org.
For more options, visit https://groups.google.com/a/owasp.org/d/optout.