Utility for sniffing SSL/TLS encrypted traffic on a jailbroken iOS device.
CFNetwork.framework contains a debug/verbosity global that forces a dump of every packet transferred through it to be logged into the device syslog in plaintext form. In order to have a nicer view with clean control flow of this traffic, we attach to each such packet the appropriate TCP flags and write it back into a PCAP file. This allows us to later dissect this traffic using popular and convenient tools (e.g. Wireshark 🦈). Assuming you have a jailbroken iOS device, this Python3 tool can automate this process.
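To show what the "attach TCP flags and write it back into a PCAP file" step involves, here is an added Python example; it is not code from the iosslsniffer package. It assumes a constructed, simplified syslog line format (timestamp, direction, connection id, payload), which is not the real CFNetwork diagnostic log format, and the addresses, ports, MACs and initial sequence numbers are placeholders. Each connection id gets a synthetic three-way handshake so that Wireshark's "Follow TCP Stream" works, and every logged payload becomes one PSH/ACK segment with sequence and acknowledgement numbers advanced by the payload length.

```python
"""Turn plaintext application data recovered from syslog lines into a PCAP
whose synthesized TCP headers carry sensible flags and sequence numbers,
so each flow can be followed in Wireshark.

Added example, not code from the iosslsniffer package. The log line
format, addresses, ports and initial sequence numbers below are all
CONSTRUCTED placeholders, not the real CFNetwork diagnostic log format.
"""
import struct

FLAG_SYN, FLAG_PSH, FLAG_ACK = 0x02, 0x08, 0x10
CLIENT_IP, SERVER_IP, SERVER_PORT = "10.0.0.2", "203.0.113.10", 443   # placeholders
MAC = {CLIENT_IP: b"\x02\x00\x00\x00\x00\x01", SERVER_IP: b"\x02\x00\x00\x00\x00\x02"}

# Constructed format: "<timestamp> <out|in> <connection id> <payload>"
# ("out" = device -> server, "in" = server -> device).
SAMPLE_LOG = [
    "1700000000.10 out 7 GET /api/v1/status HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    "1700000000.25 in 7 HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "1700000001.00 out 8 GET /login HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
]


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src, dst, seq, ack, flags, payload=b"") -> bytes:
    """Ethernet + IPv4 + TCP frame (no options) with valid checksums."""
    (sip, sport), (dip, dport) = src, dst
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq & 0xFFFFFFFF,
                      ack & 0xFFFFFFFF, 5 << 4, flags, 65535, 0, 0)
    pseudo = ip_bytes(sip) + ip_bytes(dip) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0x4000, 64, 6, 0, ip_bytes(sip), ip_bytes(dip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return MAC[dip] + MAC[sip] + b"\x08\x00" + ip + tcp + payload


def build_pcap(lines) -> bytes:
    """Emit a classic PCAP (link type 1, Ethernet). Each new connection id gets
    a synthetic three-way handshake; every logged payload then becomes one
    PSH/ACK segment whose seq/ack numbers advance by the payload length."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    conns = {}

    def record(ts, frame):
        sec = int(ts)
        out.extend(struct.pack("<IIII", sec, int((ts - sec) * 1_000_000),
                               len(frame), len(frame)) + frame)

    for line in lines:
        ts_text, direction, conn_id, payload = line.split(" ", 3)
        ts, data = float(ts_text), payload.encode()
        if conn_id not in conns:
            client = (CLIENT_IP, 49152 + len(conns))  # distinct source port per flow
            server = (SERVER_IP, SERVER_PORT)
            cisn, sisn = 1000, 5000                   # constructed ISNs
            record(ts, build_frame(client, server, cisn, 0, FLAG_SYN))
            record(ts, build_frame(server, client, sisn, cisn + 1, FLAG_SYN | FLAG_ACK))
            record(ts, build_frame(client, server, cisn + 1, sisn + 1, FLAG_ACK))
            conns[conn_id] = {"client": client, "server": server,
                              "cseq": cisn + 1, "sseq": sisn + 1}
        st = conns[conn_id]
        if direction == "out":
            record(ts, build_frame(st["client"], st["server"], st["cseq"], st["sseq"],
                                   FLAG_PSH | FLAG_ACK, data))
            st["cseq"] += len(data)
        else:
            record(ts, build_frame(st["server"], st["client"], st["sseq"], st["cseq"],
                                   FLAG_PSH | FLAG_ACK, data))
            st["sseq"] += len(data)
    return bytes(out)


def tcp_flags_in_pcap(pcap: bytes) -> list:
    """Walk the records and return each frame's TCP flags byte (offset 14+20+13)."""
    flags, off = [], 24
    while off < len(pcap):
        incl_len = struct.unpack("<IIII", pcap[off:off + 16])[2]
        flags.append(pcap[off + 16 + 47])
        off += 16 + incl_len
    return flags


if __name__ == "__main__":
    with open("cfnetwork_plaintext.pcap", "wb") as fh:
        fh.write(build_pcap(SAMPLE_LOG))
    print(tcp_flags_in_pcap(build_pcap(SAMPLE_LOG)))
```

Opening the resulting file in Wireshark shows two streams (one per connection id) that can be followed as ordinary HTTP, which is the whole point of re-wrapping the plaintext in TCP rather than leaving it in syslog. Checksums are computed properly so the frames do not show up with checksum warnings.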
python3 -m pip install -U iosslsniffer
This package relies on the ability to modify Apple's logging global, and thus requires a jailbroken device. In addition, the global preference key AppleCFNetworkDiagnosticLogging needs to be set.
Run rpc_server on the jailbroken device; the sniffer then talks to it through rpc_client. To run rpc_client, just provide the rpc_server port:
python3 -m iosslsniffer setup -p 5910
python3 -m iosslsniffer sniff
The same steps can be performed manually through rpc_server: set AppleCFNetworkDiagnosticLogging to 3 (restart required), then call p.syslog.set_harlogger_for_all(True):
user@Users-Mac-mini-7 ~/ @ rpcclient 127.0.0.1
Welcome to the rpcclient interactive shell! You interactive shell for controlling the remote rpcserver.
Feel free to use the following globals:
🌍 p - the injected process
🌍 symbols - process global symbols
Have a nice flight ✈️!
Starting an IPython shell... 🐍
In [1]: pref = p.preferences.sc.open('/private/var/Managed Preferences/mobile/.GlobalPreferences.plist')
In [2]: pref.set('AppleCFNetworkDiagnosticLogging',3)
restart.........
In [1]: p.syslog.set_harlogger_for_all(True)
In order to enable CFNetwork diagnostics, the key AppleCFNetworkDiagnosticLogging needs to be set; this is done as part of the iosslsniffer setup command. A restart is required in case the key was not already set.
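As an added illustration of the setup step described in the installation and setup notes above (not the project's own code), the following Python edits a local copy of the preferences plist with plistlib and reports whether the key actually changed, which is the case in which a restart is needed before CFNetwork starts logging. The file location used here is a throwaway temporary directory, an assumption for the demo; on the device the README does this through rpcclient's p.preferences.sc as shown in the session above.

```python
"""Check and set the AppleCFNetworkDiagnosticLogging preference in a copy of
.GlobalPreferences.plist and report whether a restart is needed.

Added example, not part of iosslsniffer. It edits a local plist file with
plistlib; on a device the README does this through rpc_server/rpcclient."""
import plistlib
import tempfile
from pathlib import Path

KEY = "AppleCFNetworkDiagnosticLogging"
LEVEL = 3  # value the setup step writes


def ensure_diagnostic_logging(plist_path, level: int = LEVEL) -> bool:
    """Write KEY=level into the plist (created if missing). Returns True when
    the value changed, i.e. the key was absent or different, which is exactly
    the case where a restart is required; False when it was already set."""
    path = Path(plist_path)
    prefs = plistlib.loads(path.read_bytes()) if path.exists() else {}
    if prefs.get(KEY) == level:
        return False
    prefs[KEY] = level
    path.write_bytes(plistlib.dumps(prefs, fmt=plistlib.FMT_BINARY))
    return True


def current_level(plist_path):
    """Return the stored value of KEY, or None if the plist or key is absent."""
    path = Path(plist_path)
    return plistlib.loads(path.read_bytes()).get(KEY) if path.exists() else None


def demo() -> tuple:
    """Run against a throwaway plist (assumed location): the first call changes
    it (restart needed), the second is a no-op, and the stored value is 3."""
    with tempfile.TemporaryDirectory() as tmp:
        plist = Path(tmp) / ".GlobalPreferences.plist"
        first = ensure_diagnostic_logging(plist)
        second = ensure_diagnostic_logging(plist)
        return first, second, current_level(plist)


if __name__ == "__main__":
    print(demo())  # (True, False, 3)
```

The return value of ensure_diagnostic_logging is what a setup command would key its "restart required" message on: nothing changed means the device can be sniffed right away, while a changed value means CFNetwork has not yet picked the setting up.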
Usage: python -m iosslsniffer [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
setup Setup all prerequisites required inorder to sniff the SSL traffic
sniff Sniff the traffic
We found that iosslsniffer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.