Monitoring iOS HTTPS Network Traffic
In an attempt to explore Apple’s Find My Friends API, I was led to monitor the network requests coming from my iPhone 6s and actually finding some rather interesting responses.
For this guide I have used the Charles app for Mac OSX and my iPhone 6s, although this guide and the Charles app could be applied to any other OS and hardware.
Instructions
Step 1: Download
Download a copy at https://www.charlesproxy.com/download/ and install on your machine. Note, this app is $50 USD (includes 4 licences) but is free on a trail for 30 days.
Upon first run, you will start to see SSL requests coming in their encrypted form, we will need to perform an SSL “man in the middle attack” on ourselves to view the data unencrypted
Step 2: Install Root Certificate Authority (CA) on your Mac
Go to:
Help > SSL Proxying > Save Charles Root CertificateDouble click to install the certificate, this should open “Keychain Access” then search “Charles Proxy CA”, right click on the certificate > Get Info, open the “Trust” menu and select from the dropdown “When using this certificate” to “Always Trust”.
Go back to the Charles App and go to menu
Proxy > SSL Proxy Settings...add host “*” and port “*” to the Locations list. Make sure to restart your browser so it now uses the new Root Certificate.
This will allow you to monitor SSL requests by Charles on your machine!
Step 3: Setup your Phone
You will need to send the certificate you had saved above via email to an active email account on your iOS device and be using the Apple Mail App (unfortunately, going to the recommended http://chls.pro/ssl in Safari does not install the certificate). Click on the attached certificate in the email message and this view below should appear, install the profile:
Next, find out the IP of your machine (Will be in network settings) and make sure that both your iOS and Desktop OS Machine devices are connected to the same network then navigate to
Settings App > Wi-Fi > WifiName Settings > HTTP Proxy > Manualthen enter Server: 10.x.x.x (the local address of your machine found above) and Port: 8888
Then go back to Charles App and click “Allow” on the popup asking for permission
You should now see requests coming in from your device!
Last Step: Cleanup
When you are done, revert back to a legitimate CA Root by deleting the “Charles Proxy CA” certificate on the Mac in the Keychain Access App and on iOS by going to General > Profile > Charles Proxy and deleting the certificate.
