Using SniffMaster to Capture iOS Network Packets
SniffMaster captures iOS network packets without jailbreaking the device or setting up a proxy. Capture works regardless of how the target software protects itself. iOS data traffic includes all network requests from the device, such as HTTPS, socket communication, TCP, UDP, and various DNS protocol packets. SniffMaster can display data as string, hex, or binary, lets you analyze network request chains, and saves captures in pcap format for further analysis with other software.
Preparing the iOS Device
- Connect the Device: Use a USB cable to connect the iOS device to the computer. Ensure the device is unlocked and the screen is on.
- Trust the Computer: If this is the first time connecting the device to this computer, the phone will prompt you to trust the computer. Tap Trust.
- Install iOS Driver: On Windows, when using SniffMaster for the first time, you may be prompted to install the required drivers. Follow the on-screen prompts to install the drivers. After installation, restart SniffMaster.
- Install Configuration Profile: If this is the first time using SniffMaster with the device, the software will prompt you to install a configuration profile. Follow the on-screen instructions to install it on your phone.
- Enable Developer Mode: For devices running iOS 17.4 and later, SniffMaster will prompt you to enable Developer Mode in iOS settings. Follow the instructions to complete the process. Devices running iOS 17.0–17.4 contain some bugs, and SniffMaster does not support these versions. Devices running iOS 15 or earlier have not been tested and may not be supported.
Entering Data Traffic Sniffing Mode
- Select the iOS device you wish to capture packets from in the device list. The bottom left corner will show the status of the advanced management service for the device.
- Wait for the “Advanced Management Service” in the bottom left corner to turn green.
- Once ready, select Data Traffic Sniffing from the feature menu. Note that data traffic sniffing is an iOS-exclusive feature. If you choose to sniff from the local machine (the current computer), both brute-force and data traffic sniffing options will be unavailable.
- If an error occurs, the “Advanced Management Service” may have failed to start. Click the Start Advanced Management button and follow the on-screen instructions to activate the service.
Data Traffic Sniffing Features
- Start: Click this button to begin data traffic sniffing. After the capture starts, click it again to stop the process.
- Save: Save the captured data as a pcap file, which can be used with other software or for further analysis later.
- Filter: Use the filtering options to exclude unwanted data. You can filter by target address, source address, data port, protocol type, and more.
- Select App: Capture data only from the selected app, reducing interference and allowing you to focus on the target app’s network requests.
- Clear: Clear all captured data records.
- Delete: Delete selected data records.
- Right-click Actions: Captured records support right-click actions, allowing you to delete specific records.
- Network Transmission: The network transmission panel displays the entire network request chain for the data, including the application layer, link layer, and transport layer.
- Data Panel: The data panel displays the full transmitted data in different formats. You can view the data in hex, string, or formatted hex, and save individual packets as binary files.
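A file written with Save can be triaged outside SniffMaster. The following is an added example, not SniffMaster's own code: it counts IPv4 packets per destination and port in a classic pcap file. It assumes the file is classic pcap (not pcapng) with an Ethernet or raw-IP link type, which the page does not state; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {6: "TCP", 17: "UDP"}

def summarize_pcap(data: bytes) -> Counter:
    """Count IPv4 TCP/UDP packets by (label, destination IP, destination port)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype not in (1, 101):       # assumption: 1 = Ethernet, 101 = raw IP
        raise ValueError(f"unhandled link type {linktype}")
    flows, off = Counter(), 24         # packet records follow the 24-byte header
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype == 1:              # strip Ethernet header, keep IPv4 only
            if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue
        ihl = (pkt[0] & 0x0F) * 4      # IPv4 header length in bytes
        if pkt[9] not in PROTO or ihl < 20 or len(pkt) < ihl + 4:
            continue
        dst = ".".join(map(str, pkt[16:20]))
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        label = "DNS" if dport == 53 else PROTO[pkt[9]]  # port-53 heuristic
        flows[(label, dst, dport)] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed three-packet capture (link type 101), not real traffic."""
    def ip(proto, dst, dport):         # 20-byte IPv4 header + 8-byte port stub
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                          bytes([192, 0, 2, 10]), bytes(dst))
        return hdr + struct.pack("!HHI", 50000, dport, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for p in (ip(17, [192, 0, 2, 53], 53), ip(6, [198, 51, 100, 7], 443),
              ip(6, [198, 51, 100, 7], 443)):
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    for key, n in summarize_pcap(sample_pcap()).most_common():
        print(n, *key)
```

To run it on a saved capture, pass the file's bytes, for example `summarize_pcap(open(path, "rb").read())`.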