Sniffer for encrypted traffic
Project description
Description
Utility for sniffing SSL/TLS encrypted traffic on a jailbroken iOS device.
CFNetwork.framework contains a debug/verbosity global that, when enabled, forces every packet transferred through the framework to be dumped to the device syslog in plaintext. To get a cleaner view of this traffic with a proper control flow, we attach the appropriate TCP flags to each such packet and write it back into a PCAP file.
This allows us to later dissect the traffic using popular and convenient tools (e.g. Wireshark 🦈). Assuming you have a jailbroken iOS device, this Python3 tool can automate the process.
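The re-framing step described above, as an added example (not iosslsniffer's own code): plaintext records are wrapped in synthetic IPv4/TCP headers with a handshake and running sequence numbers, then written as a PCAP byte stream. The `(direction, payload)` record shape, addresses, ports and initial sequence numbers are assumptions made for illustration; the page does not show the actual syslog format.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08
# pcap global header; link type 101 = LINKTYPE_RAW (packets start at the IP header)
PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
# Constructed sample: plaintext records as (direction, payload); not real syslog output
SAMPLE = [("out", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
          ("in", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")]

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """IPv4 + TCP headers around payload (must fit one packet, < 65496 bytes).
    TCP checksum is left 0; assumption: the dissector does not validate it."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp + payload

def build_flow(records, client=b"\x0a\x00\x00\x01", server=b"\x0a\x00\x00\x02",
               cport=50000, sport=80, cseq=1000, sseq=5000):
    """Synthesize a handshake, then one PSH|ACK segment per logged record,
    advancing each side's sequence number by the bytes it sent."""
    pkts = [tcp_packet(client, server, cport, sport, cseq, 0, SYN),
            tcp_packet(server, client, sport, cport, sseq, cseq + 1, SYN | ACK),
            tcp_packet(client, server, cport, sport, cseq + 1, sseq + 1, ACK)]
    cseq, sseq = cseq + 1, sseq + 1
    for direction, data in records:
        if direction == "out":
            pkts.append(tcp_packet(client, server, cport, sport, cseq, sseq, PSH | ACK, data))
            cseq += len(data)
        else:
            pkts.append(tcp_packet(server, client, sport, cport, sseq, cseq, PSH | ACK, data))
            sseq += len(data)
    return pkts

def to_pcap(pkts, start_ts=0):
    """Prefix each packet with a pcap record header (ts_sec, ts_usec, incl_len, orig_len)."""
    body = b"".join(struct.pack("<IIII", start_ts + i, 0, len(p), len(p)) + p
                    for i, p in enumerate(pkts))
    return PCAP_HEADER + body

if __name__ == "__main__":
    with open("flow.pcap", "wb") as fh:
        fh.write(to_pcap(build_flow(SAMPLE)))
```

Without the synthetic handshake and consistent sequence/acknowledgement numbers, a dissector cannot reassemble the payloads into one stream, which is why the flags are attached before writing the capture.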
Installation
python3 -m pip install -U iosslsniffer
Prerequisites
Enable logging global
This package relies on the ability to modify Apple's logging global, and thus requires a jailbroken device.
In addition, the global preference key AppleCFNetworkDiagnosticLogging needs to be set.
Howto
- Download and install rpc_server on a jailbroken device.
- Set the logging global. This can be done manually or using the rpc_client integrated in the sniffer.
  - To use the integrated rpc_client, just provide the rpc_server port:

        python3 -m iosslsniffer setup -p 5910
        python3 -m iosslsniffer sniff

  - To connect to rpc_server manually:
    - Set AppleCFNetworkDiagnosticLogging to 3 (restart required)
    - Execute p.syslog.set_harlogger_for_all(True)

        user@Users-Mac-mini-7 ~/ @ rpcclient 127.0.0.1
        Welcome to the rpcclient interactive shell! You interactive shell for controlling the remote rpcserver.
        Feel free to use the following globals:
        🌍 p - the injected process
        🌍 symbols - process global symbols
        Have a nice flight ✈️! Starting an IPython shell... 🐍
        In [1]: pref = p.preferences.sc.open('/private/var/Managed Preferences/mobile/.GlobalPreferences.plist')
        In [2]: pref.set('AppleCFNetworkDiagnosticLogging',3)
        restart.........
        In [1]: p.syslog.set_harlogger_for_all(True)
CFNetworkDiagnostics
In order to enable CFNetworkDiagnostics, the key AppleCFNetworkDiagnosticLogging needs to be set; this is done as part of the iosslsniffer setup command.
A restart is required in case the key was not set.
Usage
    Usage: python -m iosslsniffer [OPTIONS] COMMAND [ARGS]...

    Options:
      --help  Show this message and exit.

    Commands:
      setup  Setup all prerequisites required inorder to sniff the SSL traffic
      sniff  Sniff the traffic
File details
Details for the file iosslsniffer-0.0.2.tar.gz.
File metadata
- Download URL: iosslsniffer-0.0.2.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 681a3b9117a69dc213d15ab91d38b18a6b0d31cc20f2e2833e755786be6e5398 |
| MD5 | ad4bb5fa4f7a522556e654dc5a5f2dbf |
| BLAKE2b-256 | 09c813c1e99f2567ebfaf929a30b7fd369e91d588c320728fe5db0d42c62014b |
File details
Details for the file iosslsniffer-0.0.2-py3-none-any.whl.
File metadata
- Download URL: iosslsniffer-0.0.2-py3-none-any.whl
- Upload date:
- Size: 8.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c6ab8482fd33fdc6eaf0c8bd798b16ad59268151065cb652e3256c1e391ee00b |
| MD5 | 27722f6cc1960104163eff08b9cf875c |
| BLAKE2b-256 | 97b1e0fa964d4cd437b3b8abc94ad0457f6565a4c26186faf77038b1d15a7187 |