Intercepting traffic over HTTP
Web app pentesters must be familiar with interception of web traffic using proxy tools. We will use one of the popular proxy tool, Burp Suite, to view or modify the traffic between an iOS application and backend APIs. The overall process of intercepting an iOS application traffic using Windows and Mac is almost the same.
So let's follow the mentioned steps to intercept the iOS application traffic with backend web APIs:
- Download the free version of Burp Suite from https://portswigger.net/burp/download.html. Once you start the jar file, you will observe the view as shown in the following:
- You need to set Burp Proxy to listen on all interfaces. So, navigate to Proxy | Options and set proxy to listen for all interfaces, as follows:
- Now, check the IP address of your base system where Burp Suite is running. In Windows, you can open the command prompt and type the
ipconfig
command to see the IP address. On a Mac system, you can check the IP address with Network...