Observing Network Traffic of iOS Applications
Have you ever downloaded an app and wondered how it was communicating? This guide steps you through a method for observing the API requests that applications are making on your iOS device.
This document is intended for a technical audience. You should understand some of the basics around how the internet works and network traffic works. The guide is also intended for users that are on Mac OS X. At the time of writing this I’m on El Capitan (10.11.4).
What You’ll Learn
The purpose of this guide is to show you a way to view the HTTP requests that your app makes. For example, if you always wondered how Instagram handles authentication. With this guide you’ll be able to observe the HTTP calls that your device is making to the server.
Charles has been around for a while an old standby for this task. You can download Charles here.
Connecting Your iOS Device and Computer
While Charles is downloading open up Network Utility (use Command + Space to Spotlight Search “Network Utility” if you don’t know how to find the app).
Take note of the IP Address field under the Info tab.
On your iOS device navigate to Settings > Wi-Fi and tap the i button on the end of the row both your iOS device and your computer are sharing.
Scroll to the very bottom of this view and you’ll see the options for HTTP Proxy.
Tap Manual on the segmented control and enter the IP address identified on your Mac’s Network Utility app.
Enter 8888 for the port and navigate out of this view by tapping the Wi-Fi button on the navigation bar.
Firing Up Charles
Once downloaded open up and install Charles. It will come ready to roll and will likely start recording traffic right away. Make sure Charles is running and recording traffic just in case.
Making Your First Request
Once you enter the proxy information on your iOS device and Charles is running. You should see a prompt to authorize the connection from your iOS device to your computer. Authorize that request.
SSL, iOS and Charles
Viewing Network Traffic & SSL
You’ll notice very quickly that most if not all apps use SSL. So when we go to fire up Instagram we see the following.
We need to enable SSL with our proxy. This means installing a certificate on your iOS device that Charles.
Installing SSL Certificate on iOS Device
To get started in Charles. Head to the Proxy menu and select SSL Proxy Settings. Within this view check Enable SSL Proxying. You can also add a location. For example, I added i.instagram.com.
In Charles, head to the Help menu and click on Help > SSL Proxying > Install Charles Root Certificate on a Mobile Device on Remote Browser…
Open Safari on your iOS device that is already connected to the Charles proxy. As per the alert window, head to http://charlesproxy.com/getssl
Note: Don’t do this in Chrome. Use Safari as it knows how to deal with the PEM file and will get it installed.
Viewing a Network Request
Once SSL is setup properly between Charles and the iOS device network requests will be displayed. On the right side of the pane you can see all data passed back in JSON as well as the raw response.
Where to Go From Here
Once you can see the network traffic of an application it gives you a glimpse into the architecture and actual capabilities of the software running it. This is a great tool for anybody looking to design their own APIs. Design of an elegant system and API is both a mix of science and art. Using Charles you can appreciate the work other engineers are doing.
The Web Application Hacker’s Handbook is a must read if you are interested in this type of work. If you build your own applications it is important to understand what vectors people may use to hack your application.
I know the cover is so very 90’s but the content is still highly relevant and a great baseline to understand how HTTP works and is commonly setup.
Other Tools or Alternatives
mitmproxy looks like an alternative to Charles that looks interesting.