Thursday, 15 November 2012
Hey! It's been a while, I promised you guys that I'd do this more often and I've failed you and for that I am sorry (well sort of). So today I'm taking a break from automation to talk to you lovely folks about something I've been working on lately, proxying. Not just proxying, but proxying iPhone apps. No wait, not just proxying iPhone apps, but proxying iPhone apps traffic over 3G. Is there a setting for that? No! (At least there isn't in iOS 5, 6 does, but only through the configuration utility)
It was a pain in the ass, but it is possible with caveats. Firstly, the iPhone has to be jailbroken, secondly, you need to edit some config files. If you're cool with that read on.
Jailbreak your phone.
Edit the /private/var/preferences/SystemConfiguration/preferences.plist file.
Locate the "ip1" section:
Then add the following section afterwards:
Create the following file: /private/var/preferences/proxy.pac
and add the following.
function FindProxyForURL(url, host)
return "PROXY YOUR_EXTERNAL_IP:8080";
Note: As this is over the 3G network, your proxy needs to be available on the internet, if you're planning on using burp I'd probably use a netcat tunnel to use your proxy on a box you have on EC2, alternatively just open up a port on your home router and use that.
Fire up your proxy and restart your phone, it doesn't get much simpler than that.
Something I've been doing to make app testing a bit easier is use Veency, it's a VNC tool (available on Cydia) for your iPhone allowing you to interact with it via your PC, it makes life a lot easier when you have full use of your keyboard and mouse on your phone.
Proxying 3G traffic actually yielded some interesting results, certain apps that weren't even active authenticated (over plain text) with their servers on phone boot. I won't give away who here, but they have been notified that this is bad.
Hope that was somewhat useful, it was for me anyway, until next time, come say hello @bdpuk.