panmingyang2009
commented
4 years ago Hi, Abraham. I would like to answer your last question.
It would be great to be able to use MTHawkeye at runtime.
You are right. We know it's useful to use Hawkeye at runtime. And in fact, we are actually doing this in our team. We can inject Hawkeye into any existing ipa package. Which means we can use Hawkeye in any App, as long as we can get the ipa file of that App.
According to our solution, we use pod-packager to build Hawkeye into a framework. Then we use scripts to inject the Hawkeye framework into target ipa package and resign the ipa. Most functions work well in this situation.
In this way, you can profile almost any third party application without jailbroken phones.
Is your feature request related to a problem? Please describe. When reviewing iOS apps with the FLEX bar, there are limitations to the Network Monitoring functionality. i.e. Not able to export all captured traffic, no persistence if the app crashes, no detailed filter like MTHawkeye.
Describe the solution you'd like I would like MTHawkeye releases to include a .deb file, to be released in github and idelally also a Cydia repo. The goal would be to be able to use MTHawkeye functionality while performing security audits of mobile apps. For this purpose, MTHawkeye could be a standalone tweak or be somehow integrated into the FLEX bar.
Describe alternatives you've considered The FLEX bar is currently insufficient for this as described in the problem description above.
Additional context MTHawkeye seems great for situation where developers manually add this to their apps, it would be great to be able to use MTHawkeye at runtime to audit any app without having the source code, i.e. at runtime using the FLEX bar or similar.