0

I am trying to capture https traffic from a specific application on IOS. It's not working. I went through all the legit steps and 1. Installed Bouncy Castle, installed IOS compatible certificate on IOS device, then told it to use my computer as a proxy, and trusted the certificate on IOS. I can now decode "some" https traffic but it isn't decoding the traffic from the app i'm trying to sniff the api from.

I did this exact scenario on android with mixed results because android stored the certificate in the "user" storage so i had to actually patch the apk i was monitoring. I was under the impression that jumping through hoops like that weren't necessary on IOS though. Any ideas?

Note: A fiddler everywhere answer is fine too. I have a trial set up to test it.

John Lord
  • 1,941
  • 12
  • 27
  • So you tried Fiddler classic not Everywhere? Not sure what you want to tell us by "Installed BouncyCastle" - on iOS no such steps are necessary. You simply have to install and activate the root CA certificate. Note that Fiddler Classic may generate certificates that may be not accepted by iOS. Install and activate the [CertMaker](https://www.telerik.com/fiddler/add-ons) for Fiddler Classic (creates a new root Ca certificate). Also keep in mind that apps may use certificate pinning – Robert Oct 25 '22 at 07:21
  • I tried both. I tried using fiddler classic with the certmaker plugin (certmaker is based on bouncy castle) and it did in fact decrypt web traffic but it's not decrypting 3rd party stuff. I'm afraid certificate pinning may be the issue here but i just learned about that even existing yesterday. Apparently you have to do what i did on the android app: patch the file to use a different certificate. – John Lord Oct 25 '22 at 16:08

0 Answers0