iOS Mobile App Testing 101: Intercepting and Observing Mobile Application Traffic
16 Jul 2016
Establishing a Man-in-the-Middle (MitM) position can give you a great deal of insight into the various HTTP requests and API calls an iOS mobile application makes.
To intercept and observe application traffic:
- Configuring Burp to listen on an interface accessible from the local network.
- Installing Burp’s root CA on the iOS device, so that connections to SSL/TLS-protected services complete without certificate verification errors.
That completes the configuration needed to observe native iOS application traffic as well as browser traffic.
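A pre-flight check for the first step, added here as an example (it is not code from the original post): it confirms that the IP address the iOS device will use as its proxy is not loopback and that the listener on that port answers an HTTP CONNECT, the request a proxied client sends before starting TLS. The function names, the `example.com:443` target and the default port 8080 are assumptions.

```python
import ipaddress
import socket
import sys


def proxy_accepts_connect(host, port, target="example.com:443", timeout=3.0):
    """True if host:port answers an HTTP CONNECT with a 2xx status line.

    A proxied client sends CONNECT before starting TLS, so a listener
    that fails here cannot carry the app's HTTPS traffic.
    `target` is a placeholder destination, not a host from the post.
    """
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
    except OSError:  # refused, unreachable, or timed out
        return False
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"


def preflight(device_proxy_addr, port):
    """Return a list of problems with the IP address the device will be given."""
    if ipaddress.ip_address(device_proxy_addr).is_loopback:
        # A loopback-only listener is invisible to other hosts on the LAN.
        return ["loopback address: not reachable from the iOS device"]
    if not proxy_accepts_connect(device_proxy_addr, port):
        return ["no HTTP proxy answered CONNECT on that address and port"]
    return []


if __name__ == "__main__":
    # Usage: python preflight.py <LAN IP of the Burp host> [port]
    addr = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080  # assumed port
    problems = preflight(addr, port)
    print("\n".join(problems) if problems else "listener reachable; CONNECT accepted")
```

Run it from the Burp host, or from another machine on the same network, with the address you intend to enter as the proxy on the device.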
Here is an example of capturing authentication details from the iOS Mail application: