Tuesday, November 23, 2010

iPhone + Burp

This is one of those things that is super simple and I figure most folks have already done or know how to do. There may be a few people out there whose time I save with this post. Who knows. Lets get on with it.

Just as with the Droid apps, when an untrusted certificate (Burp) shows up for an app requiring SSL/TLS, the app crashes and burns. The best way (same as Droid) to fix this is to import Burp as a trusted Certificate Authority (CA).

Why would we want to do this? Apps on mobile phones are cool but some would argue the web-services the apps are communicating with can be even juicier. We'd like to intercept the communication to the web-services and play around a bit.

You'll need to export the Burp Certificate, I usually open Firefox, set the browser to run thru Burp, view the certificate, export the certificate. Much like this.........

Browse to https://twitter.com (while proxying thru Burp)

"Get Certificate"

Select PortSwigger's cert

Save Certificate with a .cer extension (.cer is what the iPhone recognizes)

Start a web server to host the PortSwiggerCA.cer 

Browse to the location of the PortSwigger.cer file

The iPhone detects .cer, asks you to install as a CA, do it :-)

WiFi configuration, click the blue arrow on the right of your network

  Configure with Burp's IP & Proxy

Hopefully that was easy enough to follow along. Now you can proxy your iPhone apps thru Burp.

~Happy Hacking


emmanuel said...

I have followed all the different step.
But when I'am adding PortSwigger CA to my iPad, I don't see the green "Trusted" but a red "Untrusted".
Any idea ?
Thanks for this article.

cktricky said...

Typically it says Untrusted prior to you clicking the install button. Once you install, it should become trusted.

Fabricio Braz said...

It was supposed to be widespreaded as you mentioned, but I didnt know that, and I appreciate your post. The following link has a content that makes the certificate setup easier: http://stackoverflow.com/questions/2313987/iphone-install-certificate-for-ssl-connection


"I've found the best way is to do the following: 1) Use your desktop browser to save the certificate locally. 2) Write an email to yourself and include the cert as an attachment 3) Read the email on your iOS device 4) Open the cert using the iOS mail app. This will install it on your device."

Anonymous said...

Make sure you have the Burp proxy set to "use a self-signed certificate" before exporting from the browser.