Wireshark-users: Re: [Wireshark-users] Using private key and cert to decrypt HTTPS traffic betwe

From: MS Vitale <mvitale@xxxxxxxxxxxxxx>
Date: Mon, 18 Dec 2023 12:20:18 -0500
On Dec 17, 2023, at 5:38 AM, public1020 via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:
> 
> I'm debugging a weird iOS application issue, I need to capture the clear traffic between the client and the server.
> 
> I have the SSL private key and certificate, alongside the pcap file captured.
> 
> How can I decrypt the HTTPS traffic and view it with wireshark?


You can capture iPhone traffic by connecting the phone to a Mac via USB
and then starting a remote virtual interface via 'rvictl' and 'rvmuxd'
(both are Xcode Command Line Tools utilities).
Wireshark can then capture traffic from the remote virtual interface on the Mac.

  https://www.thequantizer.com/tutorials/wireshark-iphone-traffic-capture/


You can also configure the iPhone WiFi to use an mitmproxy server
running on the Mac (or in your case, on Linux).
Wireshark can then capture all unencrypted traffic on the mitmproxy
server port on the proxy host.
BE AWARE that configuring this on your iPhone is a potential security risk
because you must (at least temporarily) configure your phone to trust the CA certificate provided
by mitm.it.  Don't forget to disable the proxy and/or delete the certificate
on your iPhone when you are finished with your capture.

  https://mitmproxy.org/


I'm typing this up from incomplete notes, so I may have omitted or mangled some steps.
Please write back if you have any problems or questions.

regards,
--
Mark
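
As an added example (not from Mark's reply, the Wireshark project or mitmproxy): a shell script that wraps the two capture set-ups described above. It assumes macOS with the Xcode Command Line Tools (rvictl), tshark from the Wireshark install, mitmproxy's mitmdump on PATH, Wi-Fi on en0, and a constructed placeholder UDID. The UDID shape check, the rvi interface lookup, the teardown trap and the MITMPROXY_SSLKEYLOGFILE step are my additions, not steps the reply gives.

```shell
#!/usr/bin/env bash
# Added example, not part of the thread. Assumptions: macOS, rvictl from the
# Xcode Command Line Tools, tshark from Wireshark, mitmdump (mitmproxy) on PATH.
# The UDID in the usage note is a constructed placeholder.

# rvictl -s refuses anything but a real UDID, so check the shape first:
# 40 hex chars (older devices) or 8hex-16hex (newer devices, e.g. 00008030-001A2B3C4D5E6F70).
valid_udid() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Highest-numbered rvi* interface currently present (rvictl names them rvi0, rvi1, ...).
latest_rvi() {
  n=$(ifconfig -l | tr ' ' '\n' | grep '^rvi' | sed 's/^rvi//' | sort -n | tail -n 1)
  [ -n "$n" ] && printf 'rvi%s\n' "$n"
}

# USB capture: start the remote virtual interface, record for $3 seconds, tear it down.
# usage: capture_usb <UDID> <out.pcap> [seconds]
capture_usb() {
  udid=$1 out=$2 secs=${3:-60}
  valid_udid "$udid" || { echo "not a UDID: $udid" >&2; return 1; }
  command -v rvictl >/dev/null || { echo "rvictl missing (install Xcode CLT)" >&2; return 1; }
  rvictl -s "$udid" || return 1
  iface=$(latest_rvi)
  [ -n "$iface" ] || { echo "no rvi interface appeared" >&2; rvictl -x "$udid"; return 1; }
  # Remove the virtual interface even on Ctrl-C, so the phone is not left wired up.
  trap 'rvictl -x "$udid" >/dev/null 2>&1' EXIT INT TERM
  tshark -i "$iface" -a "duration:$secs" -w "$out"
}

# Proxy capture: run mitmdump on this host and record the phone<->proxy leg on the
# Wi-Fi interface. The phone must be pointed at <this host>:<port> as its HTTP proxy
# and must trust the mitmproxy CA from http://mitm.it while you capture; undo both after.
# MITMPROXY_SSLKEYLOGFILE makes mitmproxy write TLS secrets in SSLKEYLOGFILE format,
# which Wireshark reads via the tls.keylog_file preference.
# usage: capture_proxy [port] [out.pcap] [seconds] [interface]
capture_proxy() {
  port=${1:-8080} out=${2:-proxy.pcap} secs=${3:-60} iface=${4:-en0}
  keylog=${MITMPROXY_SSLKEYLOGFILE:-$PWD/mitm-keys.log}
  command -v mitmdump >/dev/null || { echo "mitmdump missing (install mitmproxy)" >&2; return 1; }
  MITMPROXY_SSLKEYLOGFILE="$keylog" mitmdump --listen-host 0.0.0.0 --listen-port "$port" &
  proxy_pid=$!
  trap 'kill "$proxy_pid" 2>/dev/null' EXIT INT TERM
  tshark -i "$iface" -f "tcp port $port" -a "duration:$secs" -w "$out"
  echo "open with: wireshark -o tls.keylog_file:$keylog $out"
}
```

Typical use: `capture_usb 00008030-001A2B3C4D5E6F70 phone.pcap 120` (placeholder UDID; get the real one from Finder or `xcrun xctrace list devices`), then open phone.pcap in Wireshark; or `capture_proxy 8080 proxy.pcap 120 en0` and open the result with the tls.keylog_file preference pointed at the key log it printed. Remember the caveat above: disable the proxy and remove the mitmproxy CA from the phone when done.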