Let’s read some Cybersecurity Blogs.
Today we will learn, how to configure IOS devices to use Burp Suite. It would help to intercept the request of apps for application testing purposes.
In my last blog, we have read how to set up and download Burp Suite for Windows & Linux, you can read it here…
Now first we need to fire up Burp Suite on our laptop
Once it got started, go to the proxy tab there you will be able to see the options tab where we usually do settings for all intercepting requests.
After reaching the options tab goes for “ADD” click on it, and now you need to add a port & IP(interface). For intercepting the requests from the phone like earlier it is set to 127.0.0.1:8080 but we can not use 127.0.0.1 on your mobile so we should change this.
So here I have set the Port no. to “8082” and after that, we have to set the address, usually set this to all interfaces.
Hit on “YES” and move forward (It is asking that are you sure you want to set the address and port.)
The interface got added there, the important thing is that we need to “untick“❎ the earlier address and port. If you do not close that it will intercept both the web interface of your laptop and even for your IOS device.
And it’s time to set up some configuration on our IOS device, to get connect with burp suite so it would intercept the request & response of applications.
Go to Settings in your IOS device and then go to WIFI to set up Proxy settings.
Go to the connected wifi, click on that
At last, you can be able to see the tab “Configure Proxy” where we need to set up the proxy.
By default it would be in “Off“ mode changed it to “Manual“ and then we should enter the server address(IP address of laptop), in my case it is 192.168.0.107 and the port number is 8082(the port number we have set while configuring burp suite)
IP address find:
Linux(type command in terminal) : ifconfig
Windows(type command in cmd) : ipconfig
Go in your “Safari browser“ and search for “http://burp“.
It provides you the certificate which will help you to capture the request of all secure site and apps. Download it.
Allow this and it will get the download.
Once you have downloaded the certificate, go to settings, and then after going to general there you will see the profile tab, where all the configuration files got stored from there we need to install it.
Settings -> General -> Profile -> certificate install
When you have installed certificate from there we need to give the permission that the certificate is “trustable“. So that it will not leak any sensitive data from phone.
Settings -> General -> About -> Certificate Trust Settings
Enable the Portswigger CA, so IOS can trust it.
Once all configuration got over I moved forward and open my “Linkedin app” and boom!! it got intercepted.
Succesfully we are able to Configure the IOS device for Burp Suite.
It’s over for today and time to say GOODBYE for now.