Hacktricks-skills ios-burp-configuration
Configure Burp Suite for iOS device traffic interception and SSL pinning bypass. Use this skill whenever the user needs to set up Burp proxy on iOS devices, install Burp certificates, configure iOS simulators for mobile security testing, analyze iOS network traffic, or perform iOS mobile pentesting with Burp Suite. Make sure to use this skill for any iOS security testing involving network traffic analysis, proxy configuration, or certificate installation.
git clone https://github.com/abelrguezr/hacktricks-skills
skills/mobile-pentesting/ios-pentesting/burp-configuration-for-ios/SKILL.MDiOS Burp Suite Configuration
This skill guides you through configuring Burp Suite for iOS device traffic interception, SSL pinning bypass, and network analysis.
Quick Start
- Choose your method: Automated (Burp Mobile Assistant) or Manual
- Configure proxy: Set up iOS device to route traffic through Burp
- Install certificate: Trust the Burp CA certificate on the device
- Verify: Test that traffic flows through Burp
Method 1: Automated Installation (Recommended)
Use Burp Mobile Assistant for the simplest setup:
- Download and install Burp Mobile Assistant from PortSwigger
- Connect your iOS device via USB
- Follow the assistant's guided setup for:
- Burp certificate installation
- Proxy configuration
- SSL pinning bypass
When to use: First-time setup, non-technical users, or when you want the most reliable configuration.
Method 2: Manual Installation
Step 1: Configure Proxy on iOS
- Connect iOS device to the same Wi-Fi network as your Burp machine
- On iOS: Settings → Wi-Fi → tap the (i) icon for your network
- Scroll to HTTP Proxy → select Manual
- Enter:
- Server: Your Burp machine's IP address
- Port:
8080
- Toggle Use Automatic Proxy Configuration to OFF
- Save and return
Step 2: Download Burp Certificate
- Open Safari on the iOS device
- Navigate to:
(orhttp://burp
)http://<burp-ip>:8080 - Download the certificate file (usually
)cacert.der
Step 3: Install and Trust Certificate
- Go to Settings → General → VPN & Device Management
- Tap the downloaded profile (PortSwigger CA)
- Tap Install and enter passcode if prompted
- Go to Settings → General → About → Certificate Trust Settings
- Under Enable Full Trust for Root Certificates, toggle PortSwigger CA to ON
- Confirm the warning dialog
Step 4: Verify Configuration
- Open Safari on iOS and visit
https://httpbin.org/ip - Check Burp's Proxy → HTTP history tab
- You should see the request appear in Burp
Advanced: Jailbroken Devices
For jailbroken iOS devices, use SSH over USB for direct traffic routing:
Prerequisites
- Jailbroken iOS device
installed on your machineiproxy- SSH access to the device (root)
Setup Commands
# Forward SSH port from iOS to localhost iproxy 2222 22 # Create remote port forward to Burp ssh -R 8080:localhost:8080 root@localhost -p 2222
Configure iOS Proxy
After establishing the SSH tunnel:
- On iOS: Settings → Wi-Fi → (i) → HTTP Proxy → Manual
- Set Server:
127.0.0.1 - Set Port:
8080 - Save
Why this works: The SSH tunnel routes iOS traffic directly to your Burp instance without requiring network-level proxy configuration.
iOS Simulator Configuration
For testing on iOS Simulator (macOS only):
Step 1: Export Burp Certificate
- In Burp Suite: Proxy → Options → Export CA certificate
- Select Certificate in DER format
- Save as
burp.der
Step 2: Import to Simulator
- Drag and drop
into the iOS Simulator windowburp.der - The certificate will be installed automatically
Step 3: Trust the Certificate
- In Simulator: Settings → General → Profile
- Tap PortSwigger CA
- Tap Verify
- Go to Settings → General → About → Certificate Trust Settings
- Toggle PortSwigger CA to ON
- Confirm the warning
Step 4: Configure macOS Proxy
The iOS Simulator inherits macOS proxy settings:
- System Preferences → Network → Advanced
- Select Proxies tab
- Check:
- ☑ Web Proxy (HTTP)
- ☑ Secure Web Proxy (HTTPS)
- For both, enter:
- Proxy Server:
127.0.0.1 - Port:
8080
- Proxy Server:
- Click OK → Apply
Note: The simulator will now route all traffic through Burp automatically.
Network Traffic Monitoring with Wireshark
For capturing non-HTTP traffic (TCP, UDP, etc.) from iOS devices:
Prerequisites
- macOS with Wireshark installed
- iOS device connected via USB
tool available (comes with Wireshark on macOS)rvictl
Setup Steps
-
Get the iOS device UDID:
# List connected devices rvictl -l -
Start remote virtual interface:
rvictl -s <UDID> # Output: Starting device <UDID> [SUCCEEDED] with interface rvi0 -
Open Wireshark and select interface
rvi0 -
Apply capture filters (optional):
- For specific IP:
host 192.168.1.100 - For HTTP only:
tcp port 80 or tcp port 443 - For specific app traffic:
host <app-server-ip>
- For specific IP:
Useful Wireshark Filters
| Filter | Description |
|---|---|
| HTTP traffic only |
| Encrypted TLS traffic |
| Traffic to/from specific IP |
| HTTPS traffic |
| All IP traffic to/from address |
Troubleshooting
Certificate Not Trusted
Symptom: Apps show SSL errors or refuse to connect
Fix:
- Verify you enabled full trust in Certificate Trust Settings
- On iOS 15+, some apps require additional SSL pinning bypass
- Try reinstalling the certificate (delete old profile first)
No Traffic Appearing in Burp
Symptom: Burp shows no HTTP history
Checklist:
- iOS device and Burp machine on same network
- Proxy settings correctly configured on iOS
- Burp is listening on port 8080
- Firewall not blocking port 8080
- Certificate is trusted (not just installed)
Simulator Not Routing Through Burp
Symptom: Simulator traffic doesn't appear in Burp
Fix:
- Verify macOS proxy settings are applied
- Restart the iOS Simulator after changing proxy settings
- Check that Burp is running and listening on 8080
Quick Reference
| Task | Command/Path |
|---|---|
| Export Burp cert | Proxy → Options → Export CA certificate |
| iOS cert install | Settings → General → VPN & Device Management |
| Trust cert | Settings → General → About → Certificate Trust Settings |
| macOS proxy | System Preferences → Network → Advanced → Proxies |
| Start rvictl | |
| iproxy SSH | |