Intercepting iPhone traffic with your MacBookThere are probably lots of ways to set up a monitoring station so that you can watch your iPhone’s traffic. This just shows one way to do it, using the tools I have available. There’s nothing really new about this, though it did take me a while to figure out the shell commands.
This shows you how to:
- route all your iPhone traffic through your MacBook
- set up ZAP proxy for analyzing your HTTP/HTTPS traffic
- install ZAP's CA Certificate on your iPhone
Step 1: Use your MacBook as a router
In this step we will force all the traffic from the iPhone to go through the MacBook.
Set up your MacBook to forward iPhone trafficOpen a Terminal, and run these commands:
Enable IP Forwarding:
Set natd to cause traffic to be redirected from your MacBook to the real router. The alias_address should be the address of your MacBook, and the address in redirect_port should be the address of your router.
$ sudo sysctl -w net.inet.ip.forwarding=1
Set the firewall to use the natd rules that were just created
$ sudo natd -alias_address 192.168.1.100 -interface en1 -use_sockets -same_ports -dynamic -clamp_mss -redirect_port udp 192.168.1.254:53 53
$ sudo ipfw flush $ sudo ipfw add divert natd all from any to any via en1 $ sudo ipfw add allow ip from any to any
Configure your iPhone
- Put your iPhone into Airplane Mode
- Turn on your iPhone’s Wifi
- Open your wifi network settings: Settings > Wifi > Then tap the blue arrow next to your network
- Tap ‘Static’ to set up a static route through your MacBook
- Use these settings (changing to suit your network)
Subnet Mask: 255.255.255.0
Router: Enter the IP address of your MacBook
DNS: Enter the IP address of your MacBook
Your iPhone traffic should be going through your MacBook now.
Step 2: Proxy your iPhone web traffic
Create an SSL CA CertificateDownload and install OWASP ZAP. Run it and open up the Settings menu. Create a new Dynamic SSL certificate, and save it.
Install that Certificate on your iPhoneDownload the iPhone Configuration Utility
There are some good instructions here, but the steps are:
- Run the iPhone Configuration Utility and create a new Configuration Profile (File -> New Configuration Profile)
- Give it a name in the General tab
- Open the Credentials tab and add the certificate you just created
- Connect your iPhone via USB cable
- Click on your iPhone in the Devices tab
- In the Configuration Profiles tab, find the configuration profile you just created and click Install