PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Capturing HTTPS traffic from iPhone/iPad

From: Dimitrios Kapsalis <dimitrios () gmail com>
Date: Sat, 4 Feb 2012 10:20:04 -0600
Hi Josh,

The application has not yet been submitted to the App Store. I'll have to
run a strings on it or see if I can get the source code to understand if
some attribute of the certificate is being checked in the application that
prevents the self-signed cert from working.

Thanks,
Jim

On Sat, Feb 4, 2012 at 8:01 AM, Joshua Wright <jwright () hasborg com> wrote:


On 2/3/2012 11:00 AM, Dimitrios Kapsalis wrote:


Additionally, I tried another application, at first it did not work.
After installing the burp cert I can capture its traffic. The original
application still fails.



It's possible the application is checking the common name on the
certificate, or explicitly matching other certificate elements prior to
accepting the connection.  I think this is an iOS API violation, but maybe
Apple App Store ninjas didn't notice.

Is this an app from the app store?  I can grab it and test it here and let
you know if I get the same result.


-Josh
______________________________**_________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom>
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: