Burp Suite

Summary

Burp Suite is a great tool that essentially acts as a middle-man between your client (browser, device, etc.) and a server it is trying to communicate with. You're able to capture, inspect, replay, modify, etc. all the network requests sent between the two.

Unfortunately, it can take a good amount of work to get it to cooperate with iOS.

Installation

Installation is pretty straight forward, you just go to the Download page and install it on your local workstation.

Configuration

I'm currently on Windows 10, so depending on your OS, some things are going to be a LITTLE different, but I'm hoping that this will provide you a good starting point. I do not believe you need a jailbroken device for the basic functionality of Burp Suite, but it certainly doesn't hurt. I am writing this guide with the following setup:

OS: Windows 10 (10.0.19041 Build 19041) iDevice: iPhone SE 2 iOS: 13.5 (jailbroken) Burp Suite: 2020.6A

Huge shout out to the people in this portswigger thread who provided a lot of the missing pieces.

Delete Old Stuff

If you're here, you've probably tried a lot of things that may cause conflicts with the setup I'm doing here, so I recommend you start from a clean slate. I'd go to Settings => General => Profiles & Device Management and delete any Burp related certs under Configuration Profile. If you have anything under Developer App, I would recommend leaving it because that's probably AltStore and how you're jailbreaking. Just click the Profile, click Remove Profile, and enter your pin.

Generate a Certificate

Apple decided to make our lives hard by hardening the requirements for trusted certs in iOS 13 so we will need to create our own certs rather than using the ones Burp Suite generates.

I have Ubuntu 20.04 installed with WSL2 on Windows 10 and I don't want to go into how to set that up here, but essentially, you just need access to the openssl command.

Run the following commands to generate your new certificates:

Create Certificate Directory

cd /mnt/c/Program\ Files/BurpSuite*
mkdir certificates
cd certificates

Generate Certificates

openssl req -x509 -nodes -newkey rsa:4096 -keyout myBurpCA.key -out root-ca.crt -days 365 -subj "/C=CA/O=Burp/OU=Certification Services/CN=MyBURPRootCA/" -addext "extendedKeyUsage=1.3.6.1.5.5.7.3.1"
openssl pkcs12 -export -out BurpRootCA.pfx -inkey myBurpCA.key -in root-ca.crt

You will be asked to enter a password. Make sure it is one you will remember.

Configure Burp Suite to use TLS 1.2

It would appear that you need to make Burp Suite use TLS 1.2 in order to fully get it to work as TLS 1.3 will cause problems. You can do this by editing C:\Program Files\BurpSuitePro\BurpSuitePro.vmoptions.

Before

# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# -Xmx512m
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]

-XX:MaxRAMPercentage=50

After

# Enter one VM parameter per line
# For example, to adjust the maximum memory usage to 512 MB, uncomment the following line:
# -Xmx512m
# To include another file, uncomment the following line:
# -include-options [path to other .vmoption file]

-XX:MaxRAMPercentage=50
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2

Import Certificate into Burp Suite

Open Burp Suite and navigate to Proxy => Options and select Import/export CA certificate.

Under Import, select Certificate and private key from PKCS#12 keystore. Click Select file... and navigate to the folder you created the certificates in. Select the file ending with .pfx and enter your password. Click Next and Close.

While you're here, make sure you select the Proxy Listener, click Edit, and change the address to either All interfaces or the external IP of your computer on the same network as your iDevice.

Install Certificates on iPhone

On your iDevice, go to Settings => Wi-Fi and select the blue i next to your network name. Select Configure Proxy under HTTP Proxy and select Manual. Enter the Burp IP Address and Port and click Save`.

Open Safari and navigate to http://burp. Click CA Certificate in the top right corner and click Allow. It will tell your that the Profile Downloaded and that you will need to install it in the Settings app.

Open Settings and you should see Profile Downloaded at the top of the main Settings page. Click it. If you do not see it, go to General => Profiles & Device Management and you should see it under Downloaded Profile. Click it and click Install. Enter your passcode and click Install two more times. You should now see a green Verified checkmark.

Now you need to tell the iPhone that it should absolutely trust this certificate authority. Navigate to Settings => General => About => Certificate Trust Settings and flip the grey selector to green next to the name of your certificate authority.

Smoke Test

The easiest way to test that this is working properly is to go to https://burp. You should see a lock next to burp in the address bar. That's boring, though. You should now be able to do whatever you like, such as snooping on nearly all programs and visiting any website.

Supposedly there may be some issues with certain apps, and I don't really know the exact implications of disabling TLS 1.3 since most websites do not strictly require only TLS 1.3, but keep in mind that we did disable it in case you run into issues in the future.

If you're still running into issues, I DO have SSL Kill Switch 2 installed as described on my page for that, so I'd give that a shot as well. I don't actually know how much it is affecting the fact that I am able to snoop on any app I've tried.