KalyanChakravarthy.net

home photos apps about

Sniff HTTP traffic on iOS

Sun 29 June 2014

On my way to reverse engineer the api's of a particular app, I stumbled upon a problem on how to sniff network traffic. The obvious choice was either to jailbreak or run a proxy server and use Charls Proxy to sniff. The later is a good solution, if if I wanted to inspect HTTPS.

Since I was only interested in HTTP Headers, I found the ideal solution - Remote Virtual Interface Tool or rvictl which remotely captures packets from any connected mobile device (read iOS devices)

Steps to use rvictl

  1. Start rvictl

    rvictl -s <UDID>
    rvictl -s c3562752e8858dd3d93616014ca2536f
    
  2. run tcpdump

    $ tcpdump -n -t -i rvi0 -q -A tcp
    
    • -q = quiet mode
    • -A = output tcp packet
  3. Stop rvictl

    rvictl -x <UDID>
    

Notes

  • This is only works for plain HTTP traffic
  • In case of gzipped content, only the HTTP Headers will be visible. The content itself will appear as garbage
  • For more detailed setup using wireshark read this post