We are looking for a Wireshark-like tool to use on the iPhone to test a 3rd party application before partnering with the 3rd party. Any suggestions?
This question is related to
iphone
security
networking
wireshark
Run it through a proxy and monitor the traffic using Wireshark.
The best solution I have found that Works:
Connect your device thru USB
And type these commands:
rvictl -s UDID - (id of device 20 chars, you can locate 4t in iTunes or organiser in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working install Xcode
For more info: Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
On a jailbroken iPhone/iPod capturing traffic is done nicely by both "tcpdump" and "pirni"- available in the cydia repository. Analysis of these data are done by tranfering the capture over to another machine and using something like wireshark. However, given the active development that seems to be going on with these tools it's possible that soon the iPhone will handle it all.
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
On a jailbroken iPhone/iPod capturing traffic is done nicely by both "tcpdump" and "pirni"- available in the cydia repository. Analysis of these data are done by tranfering the capture over to another machine and using something like wireshark. However, given the active development that seems to be going on with these tools it's possible that soon the iPhone will handle it all.
i
symbol > At the bottom Proxy > Set to manual and then for the server put the computer you are working on IP address, for port put 8888 as that is the default for each of these applicationsGeneral notes for the final section, if you want to sniff all the network traffic would be to use ARP spoofing to forward all the traffic from your iOS to a laptop/desktop. There are multiple tools to ARP spoof and research would need to be done on all the specifics. This allows you to see every ounce of traffic as your router will route all data meant for the iOS device to the laptop/desktop and then you will be forwarding this data to the iOS device (automatically).
Please note I only recommend this as a last resort.
Com'on, no mention of Fiddler? Where's the love :)
Fiddler is a very popular HTTP debugger aimed at developers and not network admins (i.e. Wireshark).
Setting it up for iOS is fairly simple process. It can decrypt HTTPS traffic too!
Our mobile team is finally reliefed after QA department started using Fiddler to troubleshoot issues. Before fiddler, people fiddled around to know who to blame, mobile team or APIs team, but not anymore.
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
Here is another way http://www.tuaw.com/2011/02/21/how-to-inspect-ioss-http-traffic-without-spending-a-dime/
I didn't see Roger Nolan's reply, the above link is same workflow with a different tool.
Without knowing exactly what your requirements are, here's what I did to see packts go by from the iPhone: Connect a mac on ethernet, share its network over airport and connect the iPhone to that wireless network. Run Wireshark or Packet Peeper on the mac.
Depending on what you want to do runnning it via a Proxy is not ideal. A transparent proxy might work ok as long as the packets do not get tampered with.
I am about to reverse the GPS data that gets transferred from the iPhone to the iPad on iOS 4.3.x to get to the the vanilla data the best way to get a clean Network Dump is to use "tcpdump" and/or "pirni" as already suggested.
In this particular case where we want the Tethered data it needs to be as transparent as possible. Obviously you need your phone to be JailBroken for this to work.
i
symbol > At the bottom Proxy > Set to manual and then for the server put the computer you are working on IP address, for port put 8888 as that is the default for each of these applicationsGeneral notes for the final section, if you want to sniff all the network traffic would be to use ARP spoofing to forward all the traffic from your iOS to a laptop/desktop. There are multiple tools to ARP spoof and research would need to be done on all the specifics. This allows you to see every ounce of traffic as your router will route all data meant for the iOS device to the laptop/desktop and then you will be forwarding this data to the iOS device (automatically).
Please note I only recommend this as a last resort.
Without knowing exactly what your requirements are, here's what I did to see packts go by from the iPhone: Connect a mac on ethernet, share its network over airport and connect the iPhone to that wireless network. Run Wireshark or Packet Peeper on the mac.
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
Run it through a proxy and monitor the traffic using Wireshark.
Try Debookee on Mac OS X which will intercept transparently the traffic of your iPhone without need of a proxy, thanks to MITM, as stated before. You'll then see in real time the different protocols used by your device.
Disclaimer: I'm part of the development team of Debookee, which is a paid application. The trial version will show you all functionnalities for a limited time.
I use Charles Web Debugging Proxy it costs but they have a trial version.
It is very simple to set up if your iPhone/iPad share the same Wifi network as your Mac.
If your Mac and iOS device are not on the same Wifi network you can set up your Mac as a Wifi router using the "Internet Sharing" option under Sharing in the System Preferences. You then connect your device to that "Wifi" network and follow the steps above.
Here is another way http://www.tuaw.com/2011/02/21/how-to-inspect-ioss-http-traffic-without-spending-a-dime/
I didn't see Roger Nolan's reply, the above link is same workflow with a different tool.
Depending on what you want to do runnning it via a Proxy is not ideal. A transparent proxy might work ok as long as the packets do not get tampered with.
I am about to reverse the GPS data that gets transferred from the iPhone to the iPad on iOS 4.3.x to get to the the vanilla data the best way to get a clean Network Dump is to use "tcpdump" and/or "pirni" as already suggested.
In this particular case where we want the Tethered data it needs to be as transparent as possible. Obviously you need your phone to be JailBroken for this to work.
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
I use Charles Web Debugging Proxy it costs but they have a trial version.
It is very simple to set up if your iPhone/iPad share the same Wifi network as your Mac.
If your Mac and iOS device are not on the same Wifi network you can set up your Mac as a Wifi router using the "Internet Sharing" option under Sharing in the System Preferences. You then connect your device to that "Wifi" network and follow the steps above.
A general solution would be to use a linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using wireshark or tcpdump or whatever you like. Perhaps MacOS can do this also, I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
The best solution I have found that Works:
Connect your device thru USB
And type these commands:
rvictl -s UDID - (id of device 20 chars, you can locate 4t in iTunes or organiser in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working install Xcode
For more info: Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
You didnt specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid
I start SquidMan on the Mac, then on the iPhone I enter the Proxy params in the General/Wifi Settings.
Then I can watch the HTTP trafic in the Console App, looking at the squid-access.log
If I need more infos, I switch to tcpdump, but I suppose WireShark should work too.
A man-in-the-middle proxy, like suggested by other answers, is a good solution if you only want to see HTTP/HTTPS traffic.
The best solution for packet sniffing (though it only works for actual iOS devices, not the simulator) I've found is to use rvictl
. This blog post has a nice writeup. Basically you do:
rvictl -s <iphone-uid-from-xcode-organizer>
Then you sniff the interface it creates with with Wireshark (or your favorite tool), and when you're done shut down the interface with:
rvictl -x <iphone-uid-from-xcode-organizer>
This is nice because if you want to packet sniff the simulator, you're having to wade through traffic to your local Mac as well, but rvictl
creates a virtual interface that just shows you the traffic from the iOS device you've plugged into your USB port.
Note: this only works on a Mac.
Run it through a proxy and monitor the traffic using Wireshark.
Com'on, no mention of Fiddler? Where's the love :)
Fiddler is a very popular HTTP debugger aimed at developers and not network admins (i.e. Wireshark).
Setting it up for iOS is fairly simple process. It can decrypt HTTPS traffic too!
Our mobile team is finally reliefed after QA department started using Fiddler to troubleshoot issues. Before fiddler, people fiddled around to know who to blame, mobile team or APIs team, but not anymore.
A man-in-the-middle proxy, like suggested by other answers, is a good solution if you only want to see HTTP/HTTPS traffic.
The best solution for packet sniffing (though it only works for actual iOS devices, not the simulator) I've found is to use rvictl
. This blog post has a nice writeup. Basically you do:
rvictl -s <iphone-uid-from-xcode-organizer>
Then you sniff the interface it creates with with Wireshark (or your favorite tool), and when you're done shut down the interface with:
rvictl -x <iphone-uid-from-xcode-organizer>
This is nice because if you want to packet sniff the simulator, you're having to wade through traffic to your local Mac as well, but rvictl
creates a virtual interface that just shows you the traffic from the iOS device you've plugged into your USB port.
Note: this only works on a Mac.
Try Debookee on Mac OS X which will intercept transparently the traffic of your iPhone without need of a proxy, thanks to MITM, as stated before. You'll then see in real time the different protocols used by your device.
Disclaimer: I'm part of the development team of Debookee, which is a paid application. The trial version will show you all functionnalities for a limited time.
Source: Stackoverflow.com