Sniff Your iPhone’s Network Traffic
Posted: June 13th, 2009 | Author: Jerod | Filed under: iPhone | Tags: network, paros, proxy
Ever wanted (or needed) to see your iPhone’s network traffic? All you need is a wireless LAN and the cross-platform proxy application, Paros. There are other proxy servers that can be used, but Paros was built for web application security assessments, so it provides an intimate hook into the HTTP request/response flow. Let’s get started!
1) Download and Install Paros
Grab the download from the Paros site. Your install process will differ depending on your O/S, but they’ve provided some install instructions here. Everybody will need the Java Runtime Environment 1.4 or above.
2) Configure Paros
Once installed, launch Paros and find the configuration options (on OS X they are under Tools -> Options). Paros is configured by default to listen on localhost only, but we are going to route our iPhone’s traffic through Paros, so we need to set it to listen on the IP address of the interface connected to the same LAN as the iPhone.
My LAN’s network is 1.1.1.0/16, so I’ll configure the Local Proxy address accordingly:

That should be the only setting that we need to fuss with. Paros is all set and listening on port 8080, let’s configure the iPhone to route its traffic through our proxy!
3) Configure iPhone
On the iPhone, open the “Settings” app and navigate to the Wi-Fi page. Once there, edit the settings for the wireless network you are currently connected to (this needs to be the same network where your proxy is running). To do this, click the little blue arrow on the right side of the screen.

Now, scroll all the way to the bottom of the settings page and change the “HTTP Proxy” setting to manual. Enter the IP address and port number of your Paros Proxy.

All set! Now all web traffic to and from the iPhone is routed through Paros. Let’s go see what we can see.
4) Using Paros
The main section of Paros is the “Request/Response/Trap.” As the iPhone talks through Paros to Internet sites, it will display the iPhone’s request and the server’s response. The “trap” functionality allows you to stop either the request or the response and view/modify it before sending it along to the recipient. Trapping is very cool, and why Paros is used for security auditing, but for our purposes we just want to see what is going on, so I won’t explain it any further.
For now, let’s see what happens when we fire up my iPhone’s “App Store” app:
In the bottom section of the screen is the history viewer. There we can see that my iPhone made 4 requests to different servers (3 GETs and 1 POST):

Highlighting the first GET in the history list shows its details. The iPhone’s HTTP request header looked like this:

One noteworthy tidbit is that the iPhone is sending a custom header (X-Apple-Connection-Type) which tells the server that it is connected to WiFi. Next, let’s take a look at the server’s response:

Notice that in the response we see both the headers that the server returned AND the response data itself, in this case an XML plist file.
Sniffing traffic like this can help you understand how different iPhone apps work behind the scenes or it can help debug interaction for an app that you’re writing. Hope this helps you get started!
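To show what the proxy in steps 2 to 4 does with each request, here is an added example (not Paros code and not from the original post): a small Python forward proxy that records every exchange the way the history pane does. The names `HISTORY`, `LoggingProxy` and `start_proxy` are illustrative, and it relays plain-HTTP GET and POST only.

```python
# Added example (not Paros code): minimal logging HTTP forward proxy.
import http.client
import sys
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

HISTORY = []  # one dict per exchange, playing the role of the history pane
SKIP = {"connection", "proxy-connection", "keep-alive", "transfer-encoding"}

class LoggingProxy(BaseHTTPRequestHandler):
    def relay(self):
        url = urlsplit(self.path)  # a proxy client sends the absolute URL
        if url.scheme != "http" or not url.hostname:
            return self.send_error(400, "plain-HTTP proxy requests only")
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0)) or None
        fwd = {k: v for k, v in self.headers.items() if k.lower() not in SKIP}
        target = (url.path or "/") + ("?" + url.query if url.query else "")
        upstream = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=10)
        try:
            upstream.request(self.command, target, body=body, headers=fwd)
            resp = upstream.getresponse()
            data = resp.read()
        except (OSError, http.client.HTTPException):
            return self.send_error(502, "upstream request failed")
        finally:
            upstream.close()
        HISTORY.append({"method": self.command, "url": self.path,
                        "request_headers": dict(self.headers.items()),
                        "status": resp.status, "response_body": data})
        self.send_response(resp.status)
        for name, value in resp.getheaders():
            if name.lower() not in SKIP | {"content-length", "server", "date"}:
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    do_GET = do_POST = relay
    def log_message(self, *args): pass  # quiet; HISTORY is the log

def start_proxy(listen_ip, port=8080):
    # listen_ip: an address this machine owns on the phone's LAN (127.0.0.1 is local-only)
    server = ThreadingHTTPServer((listen_ip, port), LoggingProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__" and len(sys.argv) == 2:  # usage: <script> <LAN IP>
    start_proxy(sys.argv[1])
    threading.Event().wait()  # serve until interrupted
```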
This is a great tutorial!
Paros worked alright but you can also use Charles proxy which has a ton more features (and is a little less rough around the edges). I've run with this idea and now I'm viewing my streams from my Samsung Blu-ray player (with Netflix Streaming) and other devices.
Thanks!
I've never heard of Charles proxy before. Thanks, I'll have to check it out!
My LAN network is 192.168.2.1. My laptop IP address is 192.168.2.101.
On Paros, both of these scenarios are not working:
1. Set the local proxy to 192.168.2.166 and port 8080 in Paros and iPhone => not working.
2. I tried to test in IE: Tools -> Setting -> Connection -> LAN,
set it to 192.168.2.166 and port 8080.
When browsing in IE, Paros is not able to get the request and response.
However, if I use localhost it works perfectly fine.
Do you know what the problem is?
Thanks
You should set the IP address for Paros to be the same as your laptop's IP. If your laptop is 192.168.2.166, set your Paros proxy to listen on 192.168.2.166.
Hope that helps.
Excellent, no wonder I cannot get the request. Thanks for the suggestion. It is working perfectly now.
Works also great with BURP proxy.
But only for HTTP packets. Is there a way to proxy all traffic, so also apps running on alternate TCP ports?
I haven't tried this myself, but somebody on Hacker News mentioned that you could accomplish something like this using network sharing in OSX.
Very helpful! I could resolve the problem I had with my iPhone.
Thanks for the tutorial – I've managed to get this going but this is only a solution for HTTP GET/POST requests…. is there any way I can see ALL the traffic – I have certain apps that I would like to see how they work and they give me an error saying “Connection Error” – obviously they can't connect through the proxy – is there another workaround for this?!?!
Thanks in advance!
Whoops – read the comment above….
1. Just turn on network sharing over wifi and run a packet sniffer (in osx).
2. Then connect to the new network from iphone over wifi.
(SystemPreferences->Sharing->InternetSharing)
Use Cocoa Packet Analyzer http://www.tastycocoabytes.com/cpa/index.php
WORK LIKE A CHARM!!!
This is useful!
Does anyone know a good way to run traffic replay on Mac?
Has this been tested on Windows 7? I was able to proxy the traffic just fine on a Windows XP machine, but when trying to do it on a Windows 7 box I was unable to do it…I had everything set up correctly, but no traffic ever appeared…
Hi, just a question as I did not manage to capture the traffic. Where exactly can I find the necessary information for the Local Proxy address? Which one do I have to use? The WLAN Route Address, the Laptop IP,…
Thank you, Erich