On my way to reverse engineering the APIs of a particular app, I ran into the problem of how to sniff its network traffic. The obvious choices were either to jailbreak the device or to run a proxy server and use Charles Proxy to sniff. The latter is a good solution if I wanted to inspect HTTPS.
Since I was only interested in HTTP headers, I found the ideal solution: the Remote Virtual Interface Tool, or rvictl, which remotely captures packets from any connected mobile device (read: iOS devices).
Steps to use rvictl
- Start rvictl with the device's UDID:
    rvictl -s <UDID>
    rvictl -s c3562752e8858dd3d93616014ca2536f
- Run tcpdump on the virtual interface it creates:
    tcpdump -n -t -i rvi0 -q -A tcp
    * -q = quiet mode (less protocol detail per packet)
    * -A = print each packet's contents in ASCII, so the HTTP headers are readable
- Stop rvictl:
    rvictl -x <UDID>
Notes
- This only works for plain HTTP traffic
- In case of gzipped content, only the HTTP headers will be visible; the content itself will appear as garbage
- For a more detailed setup using Wireshark, read this post
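To pull just the readable header blocks out of the tcpdump -A output produced by the steps above, here is an added Python example (not part of the original post); the capture text is a constructed sample, and the hostname, token and header names in it are made up.

```python
import re

# Constructed sample of what `tcpdump -n -t -i rvi0 -q -A tcp` prints for one
# plain-HTTP request and its gzipped response (not a real capture).
SAMPLE_CAPTURE = """IP 10.0.1.23.52110 > 93.184.216.34.80: tcp 182
E..P..@.@..
GET /v1/profile HTTP/1.1
Host: api.example.test
Authorization: Bearer eyJ0eXAi.example
Accept-Encoding: gzip
User-Agent: ExampleApp/2.3 (iPhone; iOS 12.1)

IP 93.184.216.34.80 > 10.0.1.23.52110: tcp 410
E..P..@.@..
HTTP/1.1 200 OK
Content-Type: application/json
Content-Encoding: gzip
Content-Length: 233

.......T.N.0.....q..Z.5......
"""

# Request line ("GET /path HTTP/1.1") or status line ("HTTP/1.1 200 OK").
START_LINE = re.compile(r"^(?:[A-Z]+ \S+ HTTP/\d\.\d|HTTP/\d\.\d \d{3} .*)$")
HEADER_LINE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def extract_http_headers(capture):
    """Return one dict per HTTP message found in tcpdump -A ASCII output.

    Only the start line and header block are recoverable: the body is
    skipped because a gzipped body is compressed bytes that tcpdump
    renders as unreadable characters.
    """
    messages, current = [], None
    for line in capture.splitlines():
        line = line.rstrip("\r")
        if START_LINE.match(line):
            current = {"start": line, "headers": {}}
            messages.append(current)
        elif current is not None:
            m = HEADER_LINE.match(line)
            if m:
                current["headers"][m.group(1).lower()] = m.group(2)
            else:
                current = None  # blank line or body: header block is over
    return messages

def sensitive_headers(messages, names=("authorization", "cookie", "x-api-key")):
    """Names of credential-bearing headers the app sent in the clear."""
    return sorted({h for msg in messages for h in msg["headers"] if h in names})
```

Pipe a real capture into extract_http_headers to see exactly which headers (and which credentials) an app exposes over plain HTTP.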