I am trying to see network request done by an iPhone app so I can check what data is being sent. Or at least, how many requests it is doing.
But when using Charles or Burp Suite on my Mac, it does not show any request outputs from this specific app. All other requests show, also from inside other apps. But this specific app does not register any requests at all, even when all data inside the app is reloaded.
How is this possible? Are there other ways to do requests? And can they be registered?
Ron
The app was doing SOAP requests. Apparently Charles does not pick those up.
I used Wireshark to investigate. That one did the trick.
If this app is making https requests, and you haven't configured your Charles instance to inspect https traffic, one single "unknown" request may be shown under the app's domain(s) in the "structure" tab, and no new requests will appear in the sequence tab when you reload.
In case you haven't configured the https proxy yet, here is a good short walkthrough:
Monitor Google Analytics requests on an iPhone Application
In case you already are seeing other https requests, I would try disabling mobile data, and see if this app's calls appear then - just in case iOS was bypassing Charles because it caused the wifi connection to lag.
Related
Given a web application running over an HTTPS connection. It also has to communicate with a Java application on the local area network.
This server is literally in the same room with the PC on which the web app is running, a simple HTTP connection would be completely fine between the two, but since the web app is running over HTTPS, the browser forces the HTTPS.
It's already stupid and a big overkill that I must employ an HTTPS server in the Java application just because of that, but still now it doesn't work yet, because now the browser is complaining about the certificate that it is self-signed..
I mean, do I really need to purchase an SSL certificate so two of my computers in the same room can communicate over HTTP? Even if I wanted I couldn't. There's not even a fix domain.
I'm confused, is there a way around?
UPDATE:
The web application is served from the Internet, that's why the HTTPS connection. Whereas it should receive data from a Java application running locally. Hundreds of megabytes in every couple of minutes (confidential medical images) so sending all that through a proxy is not really an option.
I also wanted to avoid the need of any manual configuration from the user's side to make the communication work (like importing a certificate into the web browser and similar) but maybe I have no other option.
We develop APPs, and sometimes we want to see the traffic of the APP.
Now we use Charles, AnyProxy, or Fiddler, but all these tools need manually settings on the Mobile Device, and not easily to share the traffic.
So I am thinking about a solution:
1. on the router run tcpdump, or make a port-traffic-mirror to a specific machine, so I can get all the traffic
2. there will be a program, decoding the traffic stream to pure http/https package, and show them on a webpage.
3. anyone who want to see the http/https(based on the APP, or may be protobuf) requests and responses. and can do some search or filter.
4. yes, these works like Wireshark, but how to make Wireshark run on a web?
I am trying to intercept HTTP requests sent via an application I have installed on my Windows 7 machine. I'm not sure what platform the application is built on, I just know that Fiddler isn't correctly intercepting anything that this program is sending/receiving. Requests through Chrome are intercepted fine.
Can Fiddler be set up as a proxy for ALL applications, and if so, how would I go about doing this? I have no control over the application code, it's just something I installed. It is a live bidding auction program which seems to mainly display HTML pages inside the application window.
Fiddler isn't correctly intercepting anything that this program is sending/receiving
That means the program is either firing requests to localhost (very unlikely), or ignoring the proxy settings for the current user (most likely). The latter also means this application won't function on a machine where a proxy connection is required in order to make HTTP calls to the outside.
The alternative would be to use a packet inspector like Wireshark, or to let the application be fixed to respect proxy settings, or to capture all HTTP requests originating from that machine on another level, for example the next router in your network.
I had Fiddler open recently with no filters on, and I was running a program from my command prompt that communicates with a server (it's a simple in-house proprietary program).
Interestingly, Fiddler was not picking up this communication, which is mostly made up of REST API calls. I did some research and found this quote, from here
With regard to why you're not seeing this traffic in Fiddler--
assuming you don't have any filters set, this suggests that whatever
mechanism you're using to send the HTTP request isn't adopting the
system's proxy settings. This means, for instance, that your code
would fail if run on a corporate computer that requires a proxy server
to reach the Internet.
However, I'm wondering why this would be the case. As far as I understand, my computer still needs to send data from my network card to the proxy server's network card. The traffic isn't bypassing my network card - it simply carries a different address. Why isn't Fiddler able to see this?
The reason is that Fiddler works not by sniffing your network card but by installing itself as the system proxy. If you click start and type "Internet Options" and choose the tab "Connections" and the button "LAN Settings" you'll see that localhost:8888 is your system proxy. Now, most well-behaved clients (e.g. IE and Chromer) respect and use the system proxy but some don't. In particular Java programs have their own ideas about which proxy they will use and you would have to set that separately. For other programs which are just hard-coded to make their own direct HTTP request you cannot AFAIK monitor them with Fiddler.
I have some iOS 5 code that I am using to interface to an ASP.NET web service. The code can (seemingly) connect OK to my service but a blank reply is sent every time. I have stepped through the code and saw how iOS takes the service domain address and turns it into an IP address and tests for connection. Does it also use the IP address for a connection when running? The problem is that I have my service running on a shared ASP.NET box so mysite.com/mywebservice.asmx will resolve while an ip address like xxx.xxx.xxx.xxx/mywebservice.asmx will not resolve at all. Could this be the root cause of why my web request is blank every time?
I'm guessing your web site has a registered domain name which is auto-mapped to an IP . Therefore, according to a similar issue that we faced earlier, you need to analyze the full request that is being sent . Tools like - firebug http://getFirebug.com , poster https://addons.mozilla.org/en-US/firefox/addon/poster/ can be really handy for the same.
The issue I faced was solved by changing the "user-agent" header in the request from the IOS device.
So you can replace the value of the header you send with the one that is sent from the browser. Also, there can be some cookies being sent by the browser as a default behaviour.
I think those would be good directions to look, considering the web service you hit gives a reply to the browser.