04-18-2021, 10:49 AM
Hello folks,
I'm trying to reverse the API calls of an iOS app so I can use their API in my app. I already tried to connect my iPhone to my MacBook through USB-C to create a network interface that I can listen to in Wireshark. This worked very well, and I found out what domains they're calling, but everything is encrypted so I was unable to obtain any useful data. My next attempt was to use an app called Wireshark Helper, which allows you to tunnel your phone's traffic to your Mac using a VPN. It gave me the certificates to decrypt the TLS traffic, but it didn't work as intended. My last try was to use an app called HTTP Catcher, which is a very light Wireshark alternative to capture traffic directly on your phone. It works pretty well and it allows me to see any GET / POST requests made by safari but it only shows me one initial connection for any app I tested. I first thought it might be using a TCP connection to communicate with their backend but even requests from apps that are using a REST API don't show up.
Any ideas on how to proceed from here?
I'm trying to reverse the API calls of an iOS app so I can use their API in my app. I already tried to connect my iPhone to my MacBook through USB-C to create a network interface that I can listen to in Wireshark. This worked very well, and I found out what domains they're calling, but everything is encrypted so I was unable to obtain any useful data. My next attempt was to use an app called Wireshark Helper, which allows you to tunnel your phone's traffic to your Mac using a VPN. It gave me the certificates to decrypt the TLS traffic, but it didn't work as intended. My last try was to use an app called HTTP Catcher, which is a very light Wireshark alternative to capture traffic directly on your phone. It works pretty well and it allows me to see any GET / POST requests made by safari but it only shows me one initial connection for any app I tested. I first thought it might be using a TCP connection to communicate with their backend but even requests from apps that are using a REST API don't show up.
Any ideas on how to proceed from here?