I had to do something very similar to find out why my iPhone was bleeding cellular network data, eating 80% of my 500Mb allowance in a couple of days.
Unfortunately I had to packet sniff whilst on 3G/4G and couldn't rely on being on wireless. So if you need an "industrial" solution then this is how you sniff all traffic (not just http) on any network.
Basic recipe:
- Install VPN server
- Run packet sniffer on VPN server
- Connect iPhone to VPN server and perform operations
- Download .pcap from VPN server and use your favourite .pcap analyser on it.
Detailed-ish instructions:
- Get yourself a Linux server. I used Fedora 20 64-bit from Digital Ocean on a $5/month box
- Configure OpenVPN on it. OpenVPN has comprehensive instructions
- Ensure you configure the Routing all traffic through the VPN section
- Be aware the instructions for (3) are all iptables, which has been superseded, at time of writing, by firewall-cmd. This website explains the firewall-cmd to use
- Check that you can connect your iPhone to the VPN. I did this by downloading the free OpenVPN software. I then set up an OpenVPN certificate. You can embed your ca, crt & key files by opening them up and embedding the `--- BEGIN CERTIFICATE ---` ... `--- END CERTIFICATE ---` blocks in `<ca></ca>`, `<crt></crt>` and `<key></key>` blocks. Note that I had to do this on a Mac with a text editor; when I used notepad.exe on Windows it didn't work. I then emailed this to my iPhone and installed it.
- Check the iPhone connects to the VPN and routes its traffic through it (googling "what's my IP" should return the VPN server IP when you run it on the iPhone)
- Now that you can connect, go to your Linux server & install wireshark (`yum install wireshark`)
- This installs tshark, which is a command line packet sniffer. Run this in the background with screen: `tshark -i tun0 -x -w capture.pcap -F pcap` (assuming the VPN device is tun0)
- Now when you want to capture traffic simply start the VPN on your machine
- When complete switch off the VPN
- Download the .pcap file from your server, and run analysis as you normally would. It's been decrypted on the server when it arrives, so the traffic is viewable in plain text (obviously HTTPS is still encrypted)
Note that the above implementation is not security focused; it's simply about getting a detailed packet capture of all of your iPhone's traffic on 3G/4G/wireless networks
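The last step of the recipe above (pull the .pcap off the server and work out where the data is going) is where the original "who is eating my allowance" question actually gets answered. As an added example that is not part of the answer above, here is a dependency-free Python script that reads a classic pcap file as written by `tshark -w capture.pcap -F pcap` on a tun device and totals bytes per destination IP, so the top talkers stand out without opening a GUI. It assumes the capture's link type is raw IPv4 (LINKTYPE_RAW, value 12), which is what a Linux tun interface usually produces; if your file reports a different link type (check with `capinfos capture.pcap`), the frame offset would need adjusting. The sample capture is constructed in-memory using documentation address ranges so the script runs offline.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap magic, read in the file's byte order
LINKTYPE_RAW = 12         # raw IP frames (assumption: what tshark writes for tun0)

def build_ipv4_packet(src, dst, proto, payload_len):
    """Construct a minimal IPv4 packet (20-byte header, no options, zeroed payload)."""
    total_len = 20 + payload_len
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, proto, 0,
                         ip_address(src).packed, ip_address(dst).packed)
    return header + b"\x00" * payload_len

def build_pcap(packets, linktype=LINKTYPE_RAW):
    """Construct a little-endian classic pcap file around the given frames."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype))
    for ts, pkt in enumerate(packets):
        # per-record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt))
        out += pkt
    return bytes(out)

def iter_pcap_packets(data):
    """Yield (original_length, frame_bytes) for each record in a classic pcap."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("expected a little-endian classic pcap file (not pcapng)")
    if linktype != LINKTYPE_RAW:
        raise ValueError(f"link type {linktype} not handled; this parser expects raw IP (12)")
    off = 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield orig_len, data[off:off + incl_len]
        off += incl_len

def bytes_per_destination(data):
    """Total bytes on the wire per IPv4 destination address."""
    totals = defaultdict(int)
    for orig_len, pkt in iter_pcap_packets(data):
        # skip truncated frames and anything that is not IPv4 (e.g. IPv6 on the tunnel)
        if len(pkt) < 20 or (pkt[0] >> 4) != 4:
            continue
        dst = str(ip_address(pkt[16:20]))
        totals[dst] += orig_len
    return dict(totals)

def top_talkers(data, limit=5):
    """Destinations sorted by bytes, largest first."""
    return sorted(bytes_per_destination(data).items(), key=lambda kv: kv[1], reverse=True)[:limit]

# Constructed sample capture: a phone on 10.8.0.2 (OpenVPN client side) talking to
# two documentation-range hosts. 6 = TCP, 17 = UDP.
SAMPLE_PCAP = build_pcap([
    build_ipv4_packet("10.8.0.2", "203.0.113.10", 6, 1000),
    build_ipv4_packet("10.8.0.2", "198.51.100.7", 17, 200),
    build_ipv4_packet("10.8.0.2", "203.0.113.10", 6, 500),
    build_ipv4_packet("10.8.0.2", "203.0.113.10", 6, 0)[:10],  # truncated frame, ignored
])

if __name__ == "__main__":
    # To use on a real capture: data = open("capture.pcap", "rb").read()
    for dst, total in top_talkers(SAMPLE_PCAP):
        print(f"{dst:>16}  {total} bytes")
```

On a real capture the destination with the largest byte count is the one to reverse-resolve or look up in the pcap's DNS traffic; because tshark sees the tunnel after OpenVPN has decrypted it, the IP and DNS layers are visible even though any HTTPS payload above them is not.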