Inspecting HTTPS traffic on iOS simulator running iOS 8 with Burp or Charles

I had some problems installing the Burp or Charles CA certificate in the iOS simulator running iOS 8. I tried following various tutorials I found, but to no success. In particular I tried to combine a tutorial which said to extract the CA certificate using Firefox and install it to the TrustStore.sqlite3 keystore in the simulator directory. My failure to get that particular line of attack working lead me to a more successful path involving the iosCertTrustManager tool.

The solution is to download the iosCertTrustManager tool, export the CA certificate from Burp or Charles and then install the tool.

1. Download the iosTrustCertManager Python script from:
   https://github.com/ADVTOOLS/ADVTrustStore
   


2. Get the CA certificate
   
   
   
   • For Burp
     
     
     
     • Go to Proxy -> Options -> CA certificate
     
     
     • Export the certificate in DER format, and store it in some location
       
     
     
     • Convert the certificate to pem format using OpenSSL:
       openssl x509 -inform der -in ~/tmp/burpca.der -out ~/tmp/burpca.pem
     
     
     
     
   
   
   • For Charles
     
     
     
     • Download the CA certificate for Charles from this page under MAC OS X or IOS Devices or download directly form this link
     
     
     
     
   
   
   
   


3. Run iosCertTrustManager:
   python iosCertTrustManager.py -a ~/tmp/burpca.pem

Happy hacking!