Utility for sniffing SSL/TLS encrypted traffic on a jailbroken iOS device.
CFNetwork.framework contains a debug/verbosity global, enforcing a dump of every packet transferred through it, to be
logged into device syslog in plaintext form. In order to have a nicer view with clean control flow of this traffic, we
attach each such packet appropriate TCP flags and write it back into a PCAP file.
This allows us to later dissect this traffic using popular and convenient tools (e.g. Wireshark 🦈). Assuming you have a jailbroken iOS device, this Python3 tool can automate this process.
python3 -m pip install -U iosslsniffer
This package relies on the ability to modify Apples logging global, Thus requires a jailbroken device.
In addition, a global preference key is need to set AppleCFNetworkDiagnosticLogging.
rpc_server on
a jailbroken device.rpc_client in the sniffer.
rpc_client just provide the rpc_server port:
python3 -m iosslsniffer setup -p 5910
python3 -m iosslsniffer sniff
rpc_server:
AppleCFNetworkDiagnosticLogging to 3 (restart required)p.syslog.set_harlogger_for_all(True)
user@Users-Mac-mini-7 ~/ @ rpcclient 127.0.0.1
Welcome to the rpcclient interactive shell! You interactive shell for controlling the remote rpcserver.
Feel free to use the following globals:
🌍 p - the injected process
🌍 symbols - process global symbols
Have a nice flight ✈️!
Starting an IPython shell... 🐍
In [1]: pref = p.preferences.sc.open('/private/var/Managed Preferences/mobile/.GlobalPreferences.plist')
In [2]: pref.set('AppleCFNetworkDiagnosticLogging',3)
restart.........
In [1]: p.syslog.set_harlogger_for_all(True)
In order to enable CFNetworkDiagnostics the key AppleCFNetworkDiagnosticLogging needs to be set, this is done as
part of iosslsniffer setup command.
A restart is required incase the key was not set.
Usage: python -m iosslsniffer [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
setup Setup all prerequisites required inorder to sniff the SSL traffic
sniff Sniff the traffic
FAQs
Sniffer for encrypted traffic
We found that iosslsniffer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Elastic’s return to open source with the AGPL license has been met with skepticism, as many developers see it as a strategic move rather than a genuine effort to restore user trust and freedoms.
Security News
A new "revival hijack" supply chain attack targets deleted Python packages, with an estimated 22K packages at risk. Socket can detect and block hijacked packages that have added malicious code.
Product
We're introducing a new Analytics feature in the Socket dashboard so you can view changes in your organization's and repositories' alerts over time.