Using Burp Suite With an iOS Device

Setting up an iOS device to work with Burp Suite Community Edition

This guide will help you configure an iOS device to work with Burp Suite Community / Professional Edition. An iOS device can be used with Burp Suite to test web and mobile applications for security vulnerabilities.

Step 1: Setting up the Burp Proxy Listener

Instructions for configuring the proxy settings in Burp Suite Community Edition:

  1. Launch Burp Suite and navigate to the Proxy section, then select Proxy Settings.
  2. In the Proxy Listeners section, click the Add button.
  3. Within the Binding tab, specify the Port as 8082 (you can choose an alternative port if 8082 is in use).
  4. Select the option for All Interfaces and click OK.
  5. When prompted, click Yes. Your Proxy Listeners settings should now show the listener you added.

Step 2: Configuring Your iOS Device for Proxy

Steps to set up proxy settings on your iOS device:

  1. On your iOS device, navigate to Settings > Wi-Fi.
  2. Ensure that your device is connected to your Wi-Fi network.
  3. Select the (i) icon next to your Wi-Fi network.
  4. Set the Configure Proxy option to Manual.
  5. Specify the Server as the IP address of the computer running Burp Suite.
  6. Set the Port to 8082 or the port value you configured for the Burp Proxy Listener.
  7. Tap Save.
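
The following check is an added example, not part of the original guide or of Burp Suite. Run it on the computer running Burp Suite: it reports the IP address to enter as the Server in Step 2 and confirms that the listener from Step 1 accepts connections on that address rather than only on loopback. The function names are hypothetical, and port 8082 is the value used in this guide.

```python
import socket

BURP_PORT = 8082  # port chosen in Step 1; change it if you picked another


def lan_ip():
    """Return the address this host uses for outbound traffic."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # UDP connect() only selects a route; no packet is sent.
        # 192.0.2.1 is a reserved documentation address (TEST-NET-1).
        s.connect(("192.0.2.1", 9))
        return s.getsockname()[0]
    except OSError:
        return "127.0.0.1"  # no usable route: the host is not on a network
    finally:
        s.close()


def listener_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(port=BURP_PORT, ip=None):
    """Compare reachability on loopback and on the LAN address."""
    ip = ip or lan_ip()
    on_loopback = listener_reachable("127.0.0.1", port)
    on_lan = listener_reachable(ip, port)
    if on_lan:
        verdict = f"OK: enter Server {ip} and Port {port} on the iOS device"
    elif on_loopback:
        verdict = "Listener is loopback-only: rebind it to All Interfaces (Step 1)"
    else:
        verdict = "No listener on this port: check Burp is running and the port number"
    return {"ip": ip, "loopback": on_loopback, "lan": on_lan, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose()["verdict"])
```

A passing result only shows that the listener is bound correctly; a host firewall can still block connections that arrive from the iOS device.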

Step 3: Installing a CA Certificate on Your iOS Device

To enable interaction with HTTPS traffic, follow these steps to install a CA certificate from your Burp Suite Community Edition installation onto your iOS device:

  1. Ensure that Burp Suite is running on your computer.
  2. Use the browser on your iOS device to visit http://burpsuite and select CA Certificate.
  3. Once the CA certificate is downloaded, go to the Settings menu and select Profile Downloaded.
  4. On the Install Profile screen, choose Install.
  5. On the Installing Profile screen, select Install.
  6. After the profile is installed, choose Done.
  7. Go to Settings > General > About > Certificate Trust Settings.
  8. Activate the toggle switch for PortSwigger CA.

Step 4: Verify the Configuration

Checking the Configuration:

  1. Launch Burp Suite.
  2. Navigate to Proxy > Intercept and click on Intercept is off to enable intercept mode.
  3. Open the web browser on your iOS device and visit an HTTPS web page.
  4. You should see the HTTPS request appear in the Burp Suite proxy.

The page should load without any security warnings.
