iOS 15 and above traffic intercept via Burp proxy without jailbreak


Burp Suite is a tool that can be used for intercepting and modifying network traffic. It is commonly used by security professionals for testing the security of web applications and can be used to intercept traffic from iOS devices.
To use Burp Suite with an iOS device running iOS 15 or later, you will need to install the Burp Suite Certificate Authority (CA) certificate on the device. This certificate is used to establish a secure connection between the device and the Burp Suite proxy.
Once the certificate is installed, you can configure your iOS device to route its network traffic through the Burp Suite proxy. This can be done by going to the “Settings” app on the device, selecting “Wi-Fi,” and then tapping on the blue “i” icon next to the connected Wi-Fi network. From here, you can scroll down and tap on the “Configure Proxy” option, then select “Manual” and enter the hostname and port number for the Burp Suite proxy.
With these steps, you should be able to intercept and modify network traffic from your iOS device using Burp Suite. It’s worth noting that some apps may not work properly when their traffic is intercepted in this way, so you may need to experiment to see which apps are compatible with this setup. I have tested it iphone 12 iOS version 15.3.1 and it works perfectly fine on it and i was able to intercept the traffic with ease and without any jailbreak. I have used below steps which was posted on the portswigger website.
Configure your Burp Proxy listener to accept connections on all network interfaces.
Connect both your device and your computer to the same wireless network.
To interact with HTTPS traffic, you need to install a CA certificate on your iOS device.
Step 1: Configure the Burp Proxy listener
To configure the proxy settings for Burp Suite Professional:
Open Burp Suite Professional and go to Proxy > Options.
In Proxy Listeners, click Add.
In the Binding tab, set Bind to port to 8082 (or another port that is not in use).
Select All interfaces and click OK.
At the prompt, click Yes.
https://miro.medium.com/v2/resize:fit:1100/format:webp/0*rfcLDMPCtns7bCf_.png
Step 2: Configure your device to use the proxy
To configure the proxy settings for your iOS device:
In your iOS device, go to Settings > Wi-Fi.
Make sure that the Wi-Fi button is on and connect to your Wi-Fi network.
Select the information icon (i) next to your Wi-Fi network.
https://miro.medium.com/v2/resize:fit:1100/format:webp/0*3IO2XMOvW7wooq9X.png
Set Configure Proxy to Manual.
Set Server to the IP address of the computer that is running Burp Suite Professional.
Set Port to the port value that you configured for the Burp Proxy listener, in this example 8082.
Touch Save
https://miro.medium.com/v2/resize:fit:1100/format:webp/0*dWZeX1RDGxrdRvzN.png
Step 3: Install a CA certificate on your iOS device
In order to interact with HTTPS traffic, you need to install a CA certificate from your Burp Suite Professional installation on your iOS device.
To install the CA certificate to your iOS device:
Make sure that Burp Suite Professional is running on your computer.
Use the browser on your iOS device to go to http://burpsuite and select CA Certificate.
When the CA certificate downloads, select Profile downloaded in the Settings menu.
On the Install Profile screen, select Install.
https://miro.medium.com/v2/resize:fit:1100/format:webp/0*fW4HK4ojWdXb9H6K.png
On the Installing Profile screen, select Install.
When the profile is installed, select Done.
Go to Settings > General > About > Certificate Trust Settings.
Activate the toggle switch for Portswigger CA.
https://miro.medium.com/v2/resize:fit:1100/format:webp/0*GnFtzl7zh4H7hhn1.png
Step 4: Test the configuration
To test the configuration:
Open Burp Suite Professional.
Go to Proxy > Intercept and click Intercept is off to switch intercept on.
Open the browser on your iOS device and go to an HTTPS web page.
The page should load without any security warnings. You should see the corresponding requests within Burp Suite Professional. Please let me know your were able to do the interception or find any difficulty while doing it.
You can reach out to me on:
LinkedIn: https://www.linkedin.com/in/mkroot/
