On Dec 17, 2023, at 5:38 AM, public1020 via Wireshark-users <wireshark-users@wireshark.org> wrote:
>
> I'm debugging a weird iOS application issue, I need to capture the clear
> traffic between the client and the server.
>
> I have the SSL private key and certificate, alongside the pcap file captured.
>
> How can I decrypt the HTTPS traffic and view it with wireshark?

You can capture iPhone traffic by connecting the phone to a Mac via USB and then starting a remote virtual interface via 'rvictl' and 'rvmuxd' (both are Xcode Command Line Tools utilities). Wireshark can then capture traffic from the remote virtual interface on the Mac.

https://www.thequantizer.com/tutorials/wireshark-iphone-traffic-capture/

You can also configure the iPhone WiFi to use an mitmproxy server running on the Mac (or in your case, on Linux). Wireshark can then capture all unencrypted traffic on the mitmproxy server port on the proxy host. BE AWARE that configuring this on your iPhone is a potential security risk because you must (at least temporarily) configure your phone to trust the CA certificate provided by mitm.it. Don't forget to disable the proxy and/or delete the certificate on your iPhone when you are finished with your capture.

https://mitmproxy.org/

I'm typing this up from incomplete notes, so I may have omitted or mangled some steps. Please write back if you have any problems or questions.

regards,
-- Mark