O'Reilly logo

Learning iOS Penetration Testing by Swaroop Yermalkar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Intercepting traffic over HTTPS

Now, with the previous setup, if we try to open any HTTPS site, we will simply be unable to open it due to the invalid SSL certificate, as shown in the following screenshot:

Intercepting traffic over HTTPS

Here, we need to first generate Burp Suite CA certificate on the local system and then install it on iDevice.

Let's follow the given steps to intercept an iOS application's HTTPS traffic:

  1. Set the Burp Suite in order to listen on the loopback address only. It will intercept our base system's network traffic:
    Intercepting traffic over HTTPS
  2. Now, Burp Suite proxy is ready to listen traffic ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required