How to configure the iOS Mobile Device to work with Burp Suite

NIKHIL KUMAR GANDLA
3 min read · Apr 24, 2022

Dynamic Application Security Testing

Steps for configuring the Network connectivity:

  • Follow the steps from the blog post https://nikhil-gandla777.medium.com/how-to-configure-the-android-mobile-device-with-burpsuite-to-capture-the-traffic-of-the-android-apk-f2d262a5c2e4.
  • Start at the step "Connect a wifi network to your Desktop/Laptop."
  • Continue through the step "scroll down to see the intercept server responses and enable/disable as shown in the below screenshot."

Steps for configuring the burp proxy listener:

  • Open Burp Suite.
  • Go to the Proxy tab, and then the Options tab.
  • From the Proxy Listeners section, click the Add button.
  • In the Binding tab, enter a port number that is not currently in use, e.g. 8081/8082.
  • Then select the All interfaces option.
  • Click OK.
  • The proxy listener should now be configured and running.
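A quick check for the two conditions in the steps above (the port is not already in use, and the listener is bound to all interfaces rather than loopback only), given as an added example that is not part of the original post. The function names and the `lan_ip` helper are hypothetical; the ports are the post's example ports.

```python
import socket

CANDIDATE_PORTS = (8081, 8082)  # the example ports from the steps above


def port_is_free(port, host="0.0.0.0"):
    """True if nothing is bound to host:port yet, so Burp can bind to it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True


def first_free_port(ports=CANDIDATE_PORTS, host="0.0.0.0"):
    """First candidate port that is still free, or None."""
    return next((p for p in ports if port_is_free(p, host)), None)


def listener_reachable(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port succeeds (a listener is up)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def lan_ip():
    """Address of the interface used for outbound traffic, or None (hypothetical helper)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect(("192.0.2.1", 9))  # TEST-NET-1; a UDP connect sends no packet
            return s.getsockname()[0]
        except OSError:
            return None


if __name__ == "__main__":
    # Run before adding the listener: which example port can Burp bind to?
    print("free port to use for the new listener:", first_free_port())
    # Run after adding the listener: is it visible on the Wi-Fi address?
    ip = lan_ip()
    for port in CANDIDATE_PORTS:
        if ip and listener_reachable(ip, port):
            print(f"listener answers on {ip}:{port}; enter these on the device")
        elif listener_reachable("127.0.0.1", port):
            print(f"port {port} answers on loopback only; select 'All interfaces'")
```

If the listener answers only on loopback, the iOS device cannot reach it, which is the usual reason no traffic appears in Burp after the device proxy is set.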

Steps for configuring the device to use the proxy:

  • Open the Settings menu on the iOS device.
  • Enable Wi-Fi.
  • Tap the i (information) option next to the name of your network.
  • Open the manual proxy settings.
  • Enter the IP address of the computer that is running Burp.
  • Enter the port number configured in the Proxy Listeners section earlier, in this example 8081/8082.

Steps for installing Burp’s CA certificate on an iOS device:

  • Open the Safari web browser on the iOS testing device.
  • Type https://burp/
  • Click the CA Certificate to download it.
  • Tap install.
  • Tap again to install.
  • Tap again to install.
  • Tap Done.

NOTE: For some versions of iOS you may need to enable full trust for the PortSwigger CA (“Enable Full Trust for the PortSwigger CA”).

  • Open Settings > General > About > Certificate Trust Settings.

Steps for testing the configuration:

  • Open Burp Suite.
  • Check the Proxy > Intercept tab, and ensure that intercept is on.
  • Then, the request should be intercepted in Burp.

You’re done.

Happy Hacking!
