Intercepting traffic over HTTPS
Now, with the previous setup, if we try to open any HTTPS site, we will simply be unable to open it due to the invalid SSL certificate, as shown in the following screenshot:
Here, we need to first generate Burp Suite CA certificate on the local system and then install it on iDevice.
Let's follow the given steps to intercept an iOS application's HTTPS traffic:
- Set the Burp Suite in order to listen on the loopback address only. It will intercept our base system's network traffic:
- Now, Burp Suite proxy is ready to listen traffic ...
Get Learning iOS Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.