Some iOS apps does not show traffic

[caioaugustofr]

Proxyman version? (Ex. Proxyman 1.4.3)

2.30.0

macOS Version? (Ex. mac 10.14)

Big Sur (11.2)

Steps to reproduce

I configured the proxy on my iOS device to start monitoring traffic. When I open Safari and type an URL (even if HTTPS), I can see its traffic, however, when I open a certain app, I cannot see the traffic generated by it. The app in question is called "Tecnofit Box". I can make a video if it helps.

[onikishov]

I have the same issue with Clubhouse app.

[NghiaTranUIT]

After setting HTTP Proxy on your iPhone and you can see HTTPS Traffic (from Safari iOS) on the Proxyman app, it means you've set it up properly.

I'm not sure why some app traffic doesn't go through Proxyman via HTTP Proxy. Let me download the app and check it 👍

[NghiaTranUIT]

@onikishov Just wondering:

1. Set HTTP proxy on wifi in your iPhone to Proxyman
2. Open Safari iOS -> visit https://google.com
3. Do you see the traffic on Proxyman app?

[onikishov]

@NghiaTranUIT Yes, I see all traffic from Safari browser and many other apps, but not from this one. It seems like the app is ignoring proxy settings.

[NghiaTranUIT]

@onikishov I've downloaded the lasted Clubhouse app, and I'm able to see its traffic

Can you check other apps (such as Product Hunt, Unsplash, ...), which don't have SSL-Pinning.

[NghiaTranUIT]

@caioaugustofr I tried Proxyman on your app, and it looks like Tecnofit Box is using Firebase for the authentication & APIs.

If it's, we could not intercept Firebase traffic because it doesn't use the HTTP transport layer.

Ref: https://groups.google.com/g/firebase-talk/c/RPSQwV7WpLs

[onikishov]

@NghiaTranUIT Many thanks for investigating the issue. It seems the problem with my iPhone. Tried another iPhone, works fine.

[caioaugustofr]

@NghiaTranUIT, thanks for the info. So, in other words, it is not possible to intersept the traffic of this app?

Another thing, I tried it with android emulator. It shows a request made to rest.tecnofit.com.br, however, I cannot see its content, because I get ssl handshake failed.

[NghiaTranUIT]

@caioaugustofr Yes, there is no way to intercept Firebase SSL traffic.

Regarding the Android app,

1. Do you installed & trusted Proxyman Certificate on your Android Emulator?
2. Have you added a config to security.xml and manifest.xml? (Step 4 in this guideline https://docs.proxyman.io/debug-devices/android-device)

Both steps are required in order to intercept HTTPS Traffic from Android app.

[jesus-mg-ios]

@NghiaTranUIT, Why iOS App cannot capture TCP or UDP datagrams? Is that possible with packet tunnel or I'm wrong?

[NghiaTranUIT]

@jesus-qt It's possible to capture TCP/UDP from Proxyman, Charles Proxy or Fidder if this feature is supported. At the moment, none of them supports it.

If you use Packet Tunnel from the NetworkExtension framework from Apple, you can capture TCP/UDP.

If you'd like to see TCP/UDP traffic, please try Wireshark 👍

[jesus-mg-ios]

@NghiaTranUIT I'm trying to do this without external vpn server, but I cannot redirect traffic to internet reading with packet flow and writing to packetFlow. Any suggestions? I don't want to create by hand a socket to redirect the traffic to internet and then to the apps (because I think it's too complex and I have no idea how to do this)