Configuring an iOS Device to Work With Burp

To test web applications using an IOS device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.

Configure the Burp Proxy listener

MobileSetUp_1

In Burp, go to the “Proxy” tab and then the “Options” tab.

In the “Proxy Listeners" section, click the “Add” button.

 
MobileSetUp_2

In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.

Then select the “All interfaces” option, and click "OK".

Note: You could alternatively edit the existing default proxy listener to listen on all interfaces. However, using different listeners for desktop and mobile devices enables you to filter these in the Proxy history view.

 
MobileSetUp_3

The Proxy listener should now be configured and running.

 

Configure your device to use the proxy

MobileSetUp_Apple_1

In your iOS device, go to the “Settings” menu.

 
MobileSetUp_Apple_2

Tap the “Wi-Fi” option from the "Settings" menu.

If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, find your network in the list, and tap it to connect. Enter your network password if prompted.

 
MobileSetUp_Apple_3

Tap the “i” (information) option next to the name of your network.

 
MobileSetUp_Apple_4

Under the "HTTP PROXY" title, tap the “Manual” tab.

In the "Server" field, enter the IP address of the computer that is running Burp.

In the “Port” field, enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.

 

Test the configuration

MobileSetUp_Apple_5

In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).

 
MobileSetUp_Apple_6

Open the browser on your iOS device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA certificate in your iOS device).

 
MobileSetUp_Apple_7

The request should be intercepted in Burp.

 

Note: This article is based on iOS 8.1.2 running on an iPad mini mobile device.