Inspect network traffic of an iOS app

3 April, 2021

I needed access to some of the endpoints used by an iOS app, which also happened to be terrible. There are a couple of different ways to achieve this, probably the simplest of which is to run a proxy somewhere, and route traffic through it. Today I found out about mitmproxy which makes inspecting web traffic going through it very simple.

This fantastic program can be used to intercept, inspect, modify and replay http traffic, WebSockets, or any other SSL/TLS-protected protocols (after installing/trusting the appropriate root certificate from mitm.it).

If you're ever interested in knowing what kind of data an app you use is sending back home, this is a great way to find out.

It's also convenient to find out what sort of non-public-APIs an app is using so you can use them in a more suitable way for you (instead of having to scrape their website, for example, that is if they have one). One way I use this is to find APIs used by news apps (RIP RSS).

mitmproxy also includes mitmweb, a web-based interface that allows the same level of interactive examination and modification.

Unfortunately this method won't work for all apps because of certificate pinning.

$ yay -S mitmproxy
$ # or
$ pip install mitmproxy
$ # or
$ brew install mitmproxy
$ # then
$ mitmproxy --listen-port 8080

Then set proxy settings on iOS (from Wifi settings) to point to <host_ip>:8080, which is enough to capture http traffic. You can capture encrypted ssl/tls-protected traffic by installing root cert from http://mitm.it/.

Find more information about mitmproxy on docs.mitmproxy.org.