Sniffer for encrypted traffic
Description
Utility for sniffing SSL/TLS encrypted traffic on a jailbroken iOS device.
CFNetwork.framework contains a debug/verbosity global that, when enabled, causes every packet transferred through it to be logged to the device syslog in plaintext form. To get a nicer view of this traffic with a clean control flow, we attach the appropriate TCP flags to each such packet and write it back into a PCAP file.
This allows us to later dissect this traffic using popular and convenient tools (e.g. Wireshark 🦈). Assuming you have a jailbroken iOS device, this Python3 tool can automate this process.
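The PCAP-rebuilding step described above, as an added example (not iosslsniffer's own code). It assumes the plaintext messages have already been pulled out of syslog as (direction, bytes) pairs; the function names, addresses, ports and sequence numbers are placeholders chosen for illustration.

```python
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10   # TCP flag bits
MSS = 1400                          # max payload bytes per synthesized segment

def tcp_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Raw IPv4+TCP packet. Checksums are left at 0 for brevity."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload

def payloads_to_pcap(messages, client=(10, 0, 0, 1), server=(10, 0, 0, 2),
                     cport=50000, sport=80):
    """messages: (direction, bytes) pairs; 'out' is device->server, 'in' is the reply.
    Addresses and ports are placeholders; port 80 lets Wireshark decode plaintext HTTP."""
    cseq, sseq = 1000, 5000                      # arbitrary initial sequence numbers
    pkts = [tcp_packet(client, server, cport, sport, cseq, 0, SYN),
            tcp_packet(server, client, sport, cport, sseq, cseq + 1, SYN | ACK),
            tcp_packet(client, server, cport, sport, cseq + 1, sseq + 1, ACK)]
    cseq, sseq = cseq + 1, sseq + 1              # SYN consumes one sequence number
    for direction, data in messages:
        for off in range(0, len(data), MSS):     # split large payloads into segments
            chunk = data[off:off + MSS]
            if direction == "out":
                pkts.append(tcp_packet(client, server, cport, sport, cseq, sseq, PSH | ACK, chunk))
                cseq += len(chunk)
            else:
                pkts.append(tcp_packet(server, client, sport, cport, sseq, cseq, PSH | ACK, chunk))
                sseq += len(chunk)
    # pcap global header: magic, v2.4, tz, sigfigs, snaplen, LINKTYPE_RAW (101 = bare IP)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, pkt in enumerate(pkts):               # synthetic timestamps, one second apart
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

SAMPLE = [  # constructed messages standing in for plaintext recovered from syslog
    ("out", b"GET /ping HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("in", b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\npong"),
]

if __name__ == "__main__":
    with open("constructed.pcap", "wb") as f:
        f.write(payloads_to_pcap(SAMPLE))
```

The synthesized handshake and the running sequence/acknowledgement numbers are what let Wireshark's "Follow TCP Stream" reassemble the messages as one conversation.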
Installation
python3 -m pip install -U iosslsniffer
Prerequisites
Enable logging global
This package relies on the ability to modify Apple's logging global, and thus requires a jailbroken device.
In addition, the global preference key AppleCFNetworkDiagnosticLogging needs to be set.
Howto
- Download and install rpc_server on a jailbroken device.
- Set the logging global. This can be done manually or using the rpc_client integrated in the sniffer.
  - To use the integrated rpc_client, just provide the rpc_server port:

        python3 -m iosslsniffer setup -p 5910
        python3 -m iosslsniffer sniff

  - To connect to rpc_server manually:
    - Set AppleCFNetworkDiagnosticLogging to 3 (restart required)
    - Execute p.syslog.set_harlogger_for_all(True)

        user@Users-Mac-mini-7 ~/ @ rpcclient 127.0.0.1
        Welcome to the rpcclient interactive shell! You interactive shell for controlling the remote rpcserver.
        Feel free to use the following globals:
        🌍 p - the injected process
        🌍 symbols - process global symbols
        Have a nice flight ✈️! Starting an IPython shell... 🐍
        In [1]: pref = p.preferences.sc.open('/private/var/Managed Preferences/mobile/.GlobalPreferences.plist')
        In [2]: pref.set('AppleCFNetworkDiagnosticLogging',3)
        restart.........
        In [1]: p.syslog.set_harlogger_for_all(True)
CFNetworkDiagnostics
In order to enable CFNetworkDiagnostics, the key AppleCFNetworkDiagnosticLogging needs to be set. This is done as part of the iosslsniffer setup command.
A restart is required in case the key was not set.
Usage
Usage: python -m iosslsniffer [OPTIONS] COMMAND [ARGS]...
Options:
  --help  Show this message and exit.
Commands:
  setup  Setup all prerequisites required inorder to sniff the SSL traffic
  sniff  Sniff the traffic
Hashes for iosslsniffer-0.0.2-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | c6ab8482fd33fdc6eaf0c8bd798b16ad59268151065cb652e3256c1e391ee00b |
MD5 | 27722f6cc1960104163eff08b9cf875c |
BLAKE2b-256 | 97b1e0fa964d4cd437b3b8abc94ad0457f6565a4c26186faf77038b1d15a7187 |