iPhone app's traffic not sniffable - iphone

I've got quite a bit of experience using Charles to sniff out traffic being sent out on my iPhones. Almost every app that I choose to reverse engineer has been possible in large part to cURL and Charles. But, for some reason, this one app called Link seems to have a different way of communication with their server. I looked through my entire Chalres session and didn't see any relevant traffic from this app to an API endpoint. I don't have much experience actually making mobile apps, so perhaps there are other ways to process all of the requests that have to be generated upon using the app. But, how could all of the user's data be stored if no requests are being sent from the app to an external server somewhere?

Charles is an HTTP proxy, it is possible another protocol is being used. Possibly directly using TCP/IP connections.
Wireshark will show all packets in gory detail but you will probably not be able to see encrypted data decrypted without the key.
And the Wireshark UI is something to behold. ;-)

If the app runs on SSL you wouldn't be able to sniff any traffic either way. I design my apps that way at least. Could this be the case? Does it use port 443 instead of port 80?

Okay. Have a look at this post:
http://www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/
SSL pinning might be the answer.

Related

Is it possible to make a good voice call application with OpenSIPs server?

I am building a free voice call application on Android. I used OpenSIPs open source to make a SIP server and successfully make a call to another phone in WIFI network. However, I couldn't make a call when the phone uses cellular network like 3G/4G. I found out that I should make a STUN and TURN server to find exact SIP address.
Someone told me that it is hard to find SIP address if the user uses 3G or 4G network. So, he said I should use SBC to redirect voice data if I want to make good connections. He said I should make redirect servers to have good quality of service.
Is it possible to make a good voice call service with OpenSIPs server? If it is true, is there voice call services who used OpenSIPs open source? I've searched all documents, but couldn't find the answer.
Thank you.
I decided to make a SIP server using FreeSwitch Open Source. It was much better than OpenSIPs. I didn't have worry about NAT problem on FreeSwitch. It is also very easy to install a SIP server on Linux. Check out the website. http://freeswitch.org/

How can I simplify addressing an iOS device using Bonjour?

I would like to make an application for iOS devices that would communicate with a special type of remote device using HTTP POST requests. The problem is that this device would actually act in the role of a client, while iOS device has to be the server accepting the requests. The next problem, host name and port has to be configured statically at the device sending the requests.
While I'm aware it's possible to give it a try using Dynamic DNS services and UPnP/IGD or NAT-PMP to overcome the problem with iOS device being behind the NAT router, I was wondering whether using Bonjour could simplify the problem in some way. I'm quite a newbie in networking so I'm looking for the direction and want to avoid research of Bonjour if it's not going to bring me anything.
Any other idea of how to solve the problem is appreciated as well.
I had a think about this. IMHO you can't guarantee you'll always be able to expose an iOS based service over a WAN (although it's possible) so this isn't practical.
The best solution I suggest is using uPNP to open the device behind a router to the outside world, then have it send an iOS push notification to the iPhone with the details (hostname, ip, port, etc).
The iPhone would then would then have to set up some kind of persistent connection with the firewalled device to receive data.
Bonjour is a good system to discover and connect to services/clients, but only on your local network. I don't think it is a good idea to try it over the internet.

How can I debug network requests from my iPhone?

I want to check the network requests an app is making from my iPhone. It's on the same WiFi network as my computer (or if it makes things easier, I can set it up to use an ad-hoc network). I don't want to see every packet, just the URLs which my iPhone is requesting. I don't care about the returned data all that much.
A simple solution would be much appreciated.
If you want to intercept the phone itself you'll need to point it at an http proxy you set up on a computer and watch the requests come through. Something like http://www.charlesproxy.com/ or there are most likely many free proxies.
Connect your computer to the rest
of your local network via Ethernet.
Turn on Internet Sharing from the
Sharing System Preference to share
your Ethernet connection via
AirPort.
Set your iPhone to
connect to the computer as its base
station.
Use Wireshark to
capture and analyze the packets.
I found a really nice repo on github named Wormholy https://github.com/pmusolino/Wormholy it will show every network request on your iphone, you only add it to your pod file and then on your app, you shake your phone and you will see all requests.
Easy to install
Transparent on your app usage
Overview and details of your request
Like so
Screenshot of wormholy usage

detect connection type for iphone on website?

is it possible with javascript, PHP (or anything!) to see if the iphone is using 3g or wifi from a website? We want to load low-res content if its 3G you see,
I found SCNetworkReachabilityFlags but that is just for apps...
Any pointers would be great!
Dan
I wouldn't expect this to be possible at all from the server side. From the client side, as you said, you could use the System Configuration Framework and the SCReachabilityFlags, but only client side.
As far as your server is concerned, it knows nothing about the type of connection any request is coming in on, apart from the immediate connection it has to the internet.
A request from an iPhone may pass through firewalls, routers, bridges, hubs, wireless, wired, almost any kind of network on it's way to you server.
The 3G part is only the connection between the phone and the data provider (AT&T, O2, etc), and after that, it's anybodies guess and will most certainly differ depending on the route between the data provider and your server.
The best advice I can give is to have a landing page, and let the user decide whether or not to load a high or low res version of the site. At least then it's off your hands if they run up a huge data bill...

iPhone only server?

Is it possible to restrict access to a server so that only iPhone devices can use it? I have no experience in setting up servers or the like before. I am still very fresh to programming. Thanks.
Is this a web server you're talking about? If so, then normal web requests have a User-Agent string in the HTTP header. You can check this value to see if the request is coming from an iPhone. If it's not coming from an iphone, you can reject the request, or redirect the user to a page explaining that your website is only for iphones.
If you are developing the server and iphone software, you could use some form of simple encryption. A model like SSL may be too heavyweight, but it may be an option.