[Owasp-igoat-project] iOS Application testing
syyh_syyh at yahoo.com
Fri Sep 9 08:57:44 EDT 2011
I'm trying to test some iOS apps that use SSL certificates. I'm trying to intercept the device (iPhone, iPad, iPod) traffic by setting my laptop as a proxy from iOS device and sending all traffic via laptop. I use a proxy app on laptop (BurpSuite, Charles Proxy, Webscarab, Paros Proxy etc.) and i can intercept the iOS device's safari browser traffic.
The main problem is; when i use the same method for iOS apps, i got error messages like "The certificicate is not valid" or "The internet connection is not available, please check your internet connection".
I'm sure that there is no problem with my internet connection. I think the problem is; I'm trying to intercept the SSL traffic, i need to accept the unsigned certificate of the proxy. There is an option to accept the certificate on Safari browser but in iOS apps you can not accept the untrusted certificates by saying "i'm aware of the danger".
As a result, i stucked. If you have any ideas about my problem, I'll be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-igoat-project