Capturing packets from iOS
Using a Mac with Xcode for non-jailbroken devices
Prerequisites
Capturing
iDevice, Mac with Xcode and tcpdump installed.
Analysing
Wireshark (Multiplatform)
Get UDID
- Connect the iDevice to a Mac.
- Get your iDevice UDID. In Terminal, type:
system_profiler SPUSBDataType | sed -n -e '/iPad/,/Serial/p' -e '/iPhone/,/Serial/p' | grep "Serial Number:" | awk -F ": " '{print $2}'
or, if you have Xcode installed:
instruments -s devices
An example UDID string would be: 1e3b5cbfb5614ab31731a7afeade0e6a1f18d021
Create Virtual Network Interface
Use the UDID you found to create a new virtual network interface based on your iDevice:
rvictl -s 1e3b5cbfb5614ab31731a7afeade0e6a1f18d021
To see the new interface:
ifconfig -l
It will be listed as 'rvi0'
Record Packets
Record/sniff/dump the packets sent to and from your iDevice with tcpdump (...) into the file ./output.pcap:
sudo tcpdump -i rvi0 -w ./output.pcap
Stop the capturing with CTRL+C
Clean up
Stop and remove the virtual interface with:
rvictl -x 1e3b5cbfb5614ab31731a7afeade0e6a1f18d021
Wireshark
Open the output.pcap in Wireshark on the operating system of choice for your listening pleasure.
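The steps above as one script, added here as an example (not part of the original README): it validates the UDID before use, finds which rvi interface rvictl actually created instead of assuming rvi0, and removes the interface however the capture ends. The function names valid_udid, new_rvi and capture_ios are hypothetical.

```shell
#!/bin/sh
# Added example: wraps the rvictl/tcpdump steps with validation and cleanup.

# Accept the 40-hex-digit UDID form shown on this page, plus the
# 8-16 hex form (XXXXXXXX-XXXXXXXXXXXXXXXX) used by newer devices.
valid_udid() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Given `ifconfig -l` output from before ($1) and after ($2) `rvictl -s`,
# print the rvi interface that was added. It is only rvi0 when no other
# remote virtual interface already exists.
new_rvi() {
  for ifc in $2; do
    case "$ifc" in rvi[0-9]*) ;; *) continue ;; esac
    case " $1 " in *" $ifc "*) ;; *) printf '%s\n' "$ifc"; return 0 ;; esac
  done
  return 1
}

capture_ios() {
  udid=$1 out=${2:-./output.pcap}
  valid_udid "$udid" || { echo "not a UDID: $udid" >&2; return 2; }
  before=$(ifconfig -l)
  rvictl -s "$udid" >/dev/null || return 1
  # Remove the virtual interface however the capture ends (CTRL+C included).
  trap 'rvictl -x "$udid" >/dev/null' EXIT
  trap 'exit 130' INT TERM
  ifc=$(new_rvi "$before" "$(ifconfig -l)") || { echo "no new rvi interface" >&2; return 1; }
  echo "capturing on $ifc -> $out (CTRL+C to stop)" >&2
  sudo tcpdump -i "$ifc" -w "$out"
}

# Runs only when a UDID is passed, e.g.: sh capture_ios.sh <UDID> [file.pcap]
[ "$#" -eq 0 ] || capture_ios "$@"
```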
References
https://osqa-ask.wireshark.org/questions/17559/packet-capturing-application-for-the-iphone