Document how to setup iPhones for traffic interception

[baltpeter]

This means:

• Configuring the device to trust our CA.
• Setting a certificate pinning bypass.
• Configuring the device to run all network traffic through our proxy.

(cf. #18 for Android)

[baltpeter]

A proxy can interactively be configured through the WiFi settings:

[baltpeter]

Here's how I manually installed the mitmproxy CA on the phone:

• Connect to mitmproxy using WireGuard or proxy settings.
• Open Safari and go to http://mitm.it.
• Click "Get mitmproxy-ca-cert.pem" under "iOS".
• Confirm "This website is trying to download a configuration profile. Do you want to allow this?" with "Allow".
• Confirm "Profile Downloaded: Review the profile in Settings app if you want to install it." with "Close".
• Open Settings and go to General -> VPN & Device Management.
  • Under "DOWNLOADED PROFILE", click "mitmproxy".
  • On the "Install Profile" page, click "Install".
  • Confirm the warning "UNMANAGED ROOT CERTIFICATE" with "Install" and again with "Install".
• Go back to the Settings and General -> About -> Certificate Trust.
  • Under "ENABLE FULL TRUST FOR ROOT CERTIFICATES", enable "mitmproxy".
  • Confirm the warning "Root Certificate: Warning: enabling this certificate for websites will allow third parties to view any private data sent to websites." with "Continue".

Screenshots

         

[baltpeter]

Regarding SSL Kill Switch 2 (for bypassing certificate pinning): @zner0L mentioned that it should just work.

I found that there is a Cydia/Sileo repo that has an SSL Kill Switch 2 package, which makes the process a little easier. I simply installed that. After a "Do all" in the palera1n app, it did appear under Settings.

And it does appear to work: With SKS2 enabled, I can intercept HTTPS traffic even when I don't have the mitmproxy CA installed, if I disable it, I can't.