Sniff HTTP traffic on iOS

Jun 29, 2014

On my way to reverse engineer the api’s of a particular app, I stumbled upon a problem on how to sniff network traffic. The obvious choice was either to jailbreak or run a proxy server and use Charls Proxy to sniff. The later is a good solution, if if I wanted to inspect HTTPS.

Since I was only interested in HTTP Headers, I found the ideal solution - Remote Virtual Interface Tool or rvictl which remotely captures packets from any connected mobile device (read iOS devices)

Steps to use rvictl

1. Start rvictl

 rvictl -s <UDID>
 rvictl -s c3562752e8858dd3d93616014ca2536f

2. run tcpdump

 $ tcpdump -n -t -i rvi0 -q -A tcp	

* -q = quiet mode
* -A = output tcp packet

3. Stop rvictl

 rvictl -x <UDID>

Notes

• This is only works for plain HTTP traffic
• In case of gzipped content, only the HTTP Headers will be visible. The content itself will appear as garbage
• For more detailed setup using wireshark read this post

More posts

• Next: Text to speech on iOS
• Previous: Setting up Core Data