Using SniffMaster for HTTPS Brute-Force Sniffing
SniffMaster’s HTTPS brute-force sniffing does not require jailbreaking, proxy setup, or certificate installation. It can automatically decrypt HTTPS data, even if the app uses certificate pinning and mutual TLS authentication. However, the app being sniffed must be signed with an iOS developer certificate. For apps that are not signed this way (such as iOS system apps or certain third-party apps), only the request URL and headers can be seen; the request body cannot be captured.
Preparing the iOS Device
- Connect the Device: Connect your iOS device to the computer via USB. The device must be unlocked and the screen on.
- Trust the Computer: If this is the first time connecting the device to the computer, a prompt will appear on the iPhone to “Trust This Computer”. Tap Trust.
- Install iOS Driver: If you’re using Windows, you may be prompted to install the necessary drivers when you first launch SniffMaster. Follow the on-screen prompts to complete the installation. After the driver is installed, restart SniffMaster.
- Install Configuration Profile: If you’ve never used SniffMaster on this device, the software will prompt you to install a configuration profile. Follow the steps on the phone to complete the installation.
- Enable Developer Mode: For devices running iOS 17.4 or later, SniffMaster will prompt you to enable Developer Mode in iOS Settings; follow the provided steps. iOS 17.0–17.4 has known bugs and is not currently supported by SniffMaster. Devices running iOS 15 or below have not been tested and may or may not work.
Entering HTTPS Brute-Force Sniffing Mode
- Select the iOS device you want to sniff from the device list. In the bottom left corner, you will see a message indicating that the device’s advanced management service is being prepared.
- Wait for the “Advanced Management Service” in the bottom left to turn green.
- Once ready, select HTTPS Brute-Force Sniffing from the features menu. Note that brute-force sniffing is a feature exclusive to iOS. If you select the local computer (this machine) for sniffing, both brute-force sniffing and data traffic sniffing will be unavailable.
- If an error occurs, it is usually because the “Advanced Management Service” failed to start. Click Start Advanced Management and follow the prompts to activate the service.
Brute-Force Sniffing Feature Explanation
- Start: Click this button to begin brute-force sniffing. After sniffing has started, click it again to stop the process.
- Save: Save the captured data as a HAR file for use with other software or to continue analysis later.
- Filter: Use filtering to exclude unwanted data. You can filter by URL, data type, incomplete packets, etc.
- Select App: Only capture data from the selected app to reduce interference and focus on the target app’s data requests.
- Clear: Clear all captured data records.
- Delete: Delete selected data records.
- Help: Provides an operation guide and help. If you accidentally close the software’s operation tips, click here to view the help information.
- Table/Group View: Switch between table and grouped views to organize captured records for easier deletion and cleaning.
- Right-click Actions: Captured records support right-click actions, allowing you to delete or copy URLs.
- Sort: Sorting of captured records by various metrics is available. Simply click on the table header to sort the records.
Incomplete Data Capture?
For apps that are not signed with a developer certificate, such as system apps or apps downloaded from the App Store, brute-force sniffing can only display the request headers and request URLs. To capture the request body and response body for a specific app, you will need to re-sign the app’s IPA file with an iOS developer certificate.
If you do not have a developer account or certificate, you can use AppUploader to create a free certificate. For signing, you can use tools like codesign. Apps downloaded from the App Store are typically encrypted by default, so you may need to unpackage the IPA. You can find tutorials or search online for methods to unpackage the IPA, or use an already unwrapped version of the IPA.
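Added example, not part of SniffMaster or this guide: a small Python script that reads a HAR file of the kind the Save button produces and applies the same kinds of filters the Filter control offers (by URL host, by data type, and by dropping incomplete entries). It also makes visible which entries came back header-only, which is what the section above describes for apps not signed with a developer certificate. The HAR content is a constructed sample, the host names and field values are assumptions, and the script relies only on the standard HAR 1.2 structure (log.entries[].request / response).

```python
import json
from urllib.parse import urlparse

# Constructed sample in HAR 1.2 shape; it is not a real SniffMaster capture.
# Entry 1: request and response bodies captured (a developer-signed app).
# Entries 2 and 3: only URL, headers and status captured, bodies missing.
SAMPLE_HAR = json.dumps({
    "log": {
        "version": "1.2",
        "creator": {"name": "constructed-sample", "version": "0"},
        "entries": [
            {
                "request": {
                    "method": "POST",
                    "url": "https://api.example.test/v1/login",
                    "headers": [{"name": "Content-Type", "value": "application/json"}],
                    "postData": {"mimeType": "application/json", "text": "{\"user\": \"demo\"}"},
                },
                "response": {
                    "status": 200,
                    "content": {"size": 12, "mimeType": "application/json", "text": "{\"ok\": true}"},
                },
            },
            {
                "request": {"method": "GET", "url": "https://cdn.example.test/logo.png", "headers": []},
                "response": {"status": 200, "content": {"size": 0, "mimeType": "image/png"}},
            },
            {
                "request": {
                    "method": "GET",
                    "url": "https://api.example.test/v1/profile",
                    "headers": [{"name": "Accept", "value": "application/json"}],
                },
                "response": {"status": 200, "content": {"size": 0, "mimeType": "application/json"}},
            },
        ],
    }
})


def load_entries(har_text):
    """Parse HAR JSON text and return the list of log entries."""
    return json.loads(har_text)["log"]["entries"]


def summarize(entry):
    """Reduce one HAR entry to the fields the filters work on."""
    req, resp = entry["request"], entry["response"]
    url = urlparse(req["url"])
    content = resp.get("content", {})
    return {
        "method": req["method"],
        "host": url.hostname,
        "path": url.path,
        "status": resp.get("status"),
        "mime": content.get("mimeType", ""),
        # A body counts as captured only when its text is actually present;
        # a header-only capture leaves these False.
        "request_body": bool(req.get("postData", {}).get("text")),
        "response_body": bool(content.get("text")),
    }


def is_incomplete(summary):
    """Header-only entry: no response body, or a body-carrying method
    (POST/PUT/PATCH) whose request body was not captured."""
    needs_req_body = summary["method"] in ("POST", "PUT", "PATCH")
    return (not summary["response_body"]) or (needs_req_body and not summary["request_body"])


def filter_entries(entries, host=None, mime_prefix=None, complete_only=False):
    """Apply host, data-type and completeness filters; returns summaries."""
    out = []
    for entry in entries:
        s = summarize(entry)
        if host and s["host"] != host:
            continue
        if mime_prefix and not s["mime"].startswith(mime_prefix):
            continue
        if complete_only and is_incomplete(s):
            continue
        out.append(s)
    return out


if __name__ == "__main__":
    entries = load_entries(SAMPLE_HAR)
    for s in filter_entries(entries):
        flag = "INCOMPLETE" if is_incomplete(s) else "ok"
        print(f"{s['method']:5} {s['host']}{s['path']:<20} {s['status']} {s['mime']:<17} {flag}")
    print("json entries on api host:",
          len(filter_entries(entries, host="api.example.test", mime_prefix="application/json")))
```

To use it on a real capture, replace SAMPLE_HAR with the contents of the saved .har file; a high proportion of INCOMPLETE rows for one host is the signal that the app producing them is not developer-signed and needs re-signing before bodies can be inspected.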