3

I am trying to find a way to get information on all the TCP traffic to and from my IOS application. The application is very simple and composed of a single UIWebView object.

I tried to use swizzling on NSURLRequest but didn't have much luck with that - my version of requestWithURL: is called when I call it NSURLRequest manually, but it doesn't seem to ever be called when going to a page in UIWebView, so I guess its using a different object under the covers.

So I thought of trying to hook into CFSocket functions, but those are not part of a class so I'm not sure how to swizzle them (or if its even possible).

Are there any ways to hook into C functions on IOS, or any other APIs I can try to swizzle to access TCP (or even HTTP) traffic?

I also tried using NSURLCache, which works for most of the main .html pages, but as many people have found out the .cs files and some others don't seem to go through the cache.

Thanks!

Locksleyu
  • 5,192
  • 8
  • 52
  • 77
  • I'm not sure but you might be able to register a protocol handler for the http: protocol which would get invoked on every http request. I have done something similar in Java years ago and I read up on the technique in ObjC but never actually tried it. YMMV. – Cliff Dec 09 '11 at 20:53
  • 1
    Thanks for the suggestion. I looked into that and it seems that you can't override existing protocols like HTTP, but if anyone knows other wise please let me know (: – Locksleyu Dec 09 '11 at 21:29

1 Answers1

1

Just set up an external proxy like Fiddler or Charles to monitor http traffic. Or more complicated, Wireshark for any tcp traffic. This will be much easier than what you're trying and more powerful.

TomSwift
  • 39,369
  • 12
  • 121
  • 149
  • iPhone -> Computer-broadcasting-wifi -> Internet. – fearmint Dec 09 '11 at 23:55
  • Thanks for the idea. Its a long story, but an external solution won't do for what I need unfortunately. Any other ideas? – Locksleyu Dec 09 '11 at 23:57
  • unless you're debugging something that is already deployed I see no reason a proxy wouldn't fit the bill. – TomSwift Dec 10 '11 at 04:14
  • Yeah, I have to deal with a complex network setup where I cannot add any additional external devices, so I need a way to do that client-side. – Locksleyu Dec 11 '11 at 00:32
  • @vame - in most cases you can use Fiddler or Charles and set up a man-in-the-middle attack to decrypt the traffic. Both these apps make it easy to do so. – TomSwift Apr 08 '14 at 18:22
  • @TomSwift you are right, it can be done, but is not -that- trivial: http://stackoverflow.com/a/14907718/700816 – Vame Apr 08 '14 at 18:41
  • @vame - in most cases it is -that- trivial - especially if you're debugging in the simulator. Just install the SSL cert provided by Charles or Fiddler and hit decrypt. Won't work in cases where the app is pinned to the site's SSL cert, but that's pretty rare. Instructions for Charles: http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/. Instructions for Fiddler: http://docs.telerik.com/fiddler/configure-fiddler/tasks/decrypthttps/ – TomSwift Apr 08 '14 at 18:50