> For the complete documentation index, see [llms.txt](https://blog.1nf1n1ty.team/hacktricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://blog.1nf1n1ty.team/hacktricks/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md).

# iOS Burp Suite Configuration

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/files/EX2wFQFzQGbAshe8pMtd" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/files/EX2wFQFzQGbAshe8pMtd" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/files/vDpkxwggcJNOToA5gU8r" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/files/vDpkxwggcJNOToA5gU8r" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="/files/CyTNm0UxWiuEPN4jTLRU" alt=""><figcaption></figcaption></figure>

\
Use [**Trickest**](https://trickest.com/?utm_source=hacktricks\&utm_medium=text\&utm_campaign=ppc\&utm_term=trickest\&utm_content=burp-configuration-for-ios) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="<https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=burp-configuration-for-ios>" %}

## Installing the Burp Certificate on iOS Devices

For secure web traffic analysis and SSL pinning on iOS devices, the Burp Suite can be utilized either through the **Burp Mobile Assistant** or via manual configuration. Below is a summarized guide on both methods:

### Automated Installation with Burp Mobile Assistant

The **Burp Mobile Assistant** simplifies the installation process of the Burp Certificate, proxy configuration, and SSL Pinning. Detailed guidance can be found on [PortSwigger's official documentation](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing).

### Manual Installation Steps

1. **Proxy Configuration:** Start by setting Burp as the proxy under the iPhone's Wi-Fi settings.
2. **Certificate Download:** Navigate to `http://burp` on your device's browser to download the certificate.
3. **Certificate Installation:** Install the downloaded profile via **Settings** > **General** > **VPN & Device Management**, then enable trust for the PortSwigger CA under **Certificate Trust Settings**.

### Configuring an Interception Proxy

The setup enables traffic analysis between the iOS device and the internet through Burp, requiring a Wi-Fi network that supports client-to-client traffic. If unavailable, a USB connection via usbmuxd can serve as an alternative. PortSwigger's tutorials provide in-depth instructions on [device configuration](https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp) and [certificate installation](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device).

### Advanced Configuration for Jailbroken Devices

For users with jailbroken devices, SSH over USB (via **iproxy**) offers a method to route traffic directly through Burp:

1. **Establish SSH Connection:** Use iproxy to forward SSH to localhost, allowing connection from the iOS device to the computer running Burp.

   ```bash
   iproxy 2222 22
   ```
2. **Remote Port Forwarding:** Forward the iOS device's port 8080 to the computer's localhost to enable direct access to Burp's interface.

   ```bash
   ssh -R 8080:localhost:8080 root@localhost -p 2222
   ```
3. **Global Proxy Setting:** Lastly, configure the iOS device's Wi-Fi settings to use a manual proxy, directing all web traffic through Burp.

### Full Network Monitoring/Sniffing

Monitoring of non-HTTP device traffic can be efficiently conducted using **Wireshark**, a tool capable of capturing all forms of data traffic. For iOS devices, real-time traffic monitoring is facilitated through the creation of a Remote Virtual Interface, a process detailed in [this Stack Overflow post](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819). Prior to beginning, installation of **Wireshark** on a macOS system is a prerequisite.

The procedure involves several key steps:

1. Initiate a connection between the iOS device and the macOS host via USB.
2. Ascertain the iOS device's **UDID**, a necessary step for traffic monitoring. This can be done by executing a command in the macOS Terminal:

```bash
$ rvictl -s <UDID>
Starting device <UDID> [SUCCEEDED] with interface rvi0
```

3. Post-identification of the UDID, **Wireshark** is to be opened, and the "rvi0" interface selected for data capture.
4. For targeted monitoring, such as capturing HTTP traffic related to a specific IP address, Wireshark's Capture Filters can be employed:

## Burp Cert Installation in Simulator

* **Export Burp Certificate**

In *Proxy* --> *Options* --> *Export CA certificate* --> *Certificate in DER format*

![](/files/OQiHTJdLTF7DiHN3eLmX)

* **Drag and Drop** the certificate inside the Emulator
* **Inside the emulator** go to *Settings* --> *General* --> *Profile* --> *PortSwigger CA*, and **verify the certificate**
* **Inside the emulator** go to *Settings* --> *General* --> *About* --> *Certificate Trust Settings*, and **enable PortSwigger CA**

![](/files/2nweRjd5QIMkynEwjr2n)

**Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator**

{% hint style="info" %}
**The iOS simulator will use the proxy configurations of the MacOS.**
{% endhint %}

### MacOS Proxy Configuration

Steps to configure Burp as proxy:

* Go to *System Preferences* --> *Network* --> *Advanced*
* In *Proxies* tab mark *Web Proxy (HTTP)* and *Secure Web Proxy (HTTPS)*
* In both options configure *127.0.0.1:8080*

![](/files/49HEyxOMdP9sfnwyPQU0)

* Click on ***Ok*** and the in ***Apply***

<figure><img src="/files/CyTNm0UxWiuEPN4jTLRU" alt=""><figcaption></figcaption></figure>

\
Use [**Trickest**](https://trickest.com/?utm_source=hacktricks\&utm_medium=text\&utm_campaign=ppc\&utm_term=trickest\&utm_content=burp-configuration-for-ios) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="<https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=burp-configuration-for-ios>" %}

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/files/EX2wFQFzQGbAshe8pMtd" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/files/EX2wFQFzQGbAshe8pMtd" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/files/vDpkxwggcJNOToA5gU8r" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/files/vDpkxwggcJNOToA5gU8r" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
