Re: Capturing HTTPS traffic from iPhone/iPad

[Dimitrios Kapsalis <dimitrios () gmail com>]

Hi Josh,

I did extract the certificate from burp and added it to my devices trusted
store by emailing the certificate to myself.

In the settings it shows that the certificate is now trusted. Can you send
the serial number of the cert to confirm I have the correct one?

Additionally, I tried another application, at first it did not work. After
installing the burp cert I can capture its traffic. The original
application still fails.

Thanks,
Jim


On Fri, Feb 3, 2012 at 8:26 AM, Joshua Wright <jwright () hasborg com> wrote:

> On 2/2/2012 1:12 PM, Dimitrios Kapsalis wrote:
>
> > I have updated my iOS device to 5.0.1, in order to try to capture the
> > HTTPS traffic from an application.
> >
> > The application returns an error that the the connection cannot be
> > established. I've tried it with the WebScarab, Fiddler, and Burp. I've
> > installed for each the certificate in my iOS device and configured the
> > network connection to point to my laptop that is running my proxy
> > software.
> >
> > I've confirmed that the connection is correct because I am able to see
> > HTTP traffic.
> >
> > Has something changed with iOS5 that prevents native applications from
> > being intercepted?
>
> No, I am doing this with Burp on iOS 5.0.1 and it works well.  Have you
> exported the Burp certificate and added it to the trust store on the iOS
> device?
>
> -Josh
> ______________________________**_________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com