How to sniff your iPhone's outbound traffic.

In the wake of the Path address-book uploading fiasco, I wanted to see what traffic *my* iPhone was sending out. A chatty iPhone app can also be a huge battery drain.

This tutorial assumes that your iPhone is using WiFi to connect to the same network your Mac is connected to. The first tool you will need is the Python-based Mitmproxy (“Man-In-The-Middle”), which is available here. You will also need Urwid, a console user interface library for Python. Download the current, stable binary versions of both of these programs (0.6 and 1.01 at the time of this writing). Then simply un-tar them to folders on your desktop.

Open a command prompt and change directory into the urwid-1.0.1 directory. Run the install script with the following invocation:

$ sudo python setup.py install
running install
running bdist_egg
running egg_info
creating urwid.egg-info
writing urwid.egg-info/PKG-INFO

Note that some of the echoed installation lines are not shown here. Exit from the urwid directory, and change directory into the mitmproxy-0.6.3 directory. From there, run the installation script:

$ sudo python setup.py install
running install
running build
running build_py
creating build
creating build

That’s it! You are now ready to start sniffing your iPhone! Run an “ifconfig” command at the command prompt to obtain the IP address of your Mac. On my Mac, the IP address is on interface en0:

ether 50:e5:49:5e:3b:5c
inet6 fe80::52e5:49ff:fe5e:3b5c%en0 prefixlen 64 scopeid 0x4
inet netmask 0xffffff00 broadcast
media: autoselect (1000baseT <full-duplex>)
status: active

While still in the mitmproxy directory, start mitmproxy by typing “mitmproxy” at the command line. A blank Python window will pop up, ready to receive input.

After that, grab your iPhone and enable WiFi. After it starts running, click the right arrow next to your SSID to access its properties:

Scroll down to the HTTP Proxy section, and enter your desktop’s IP address and port 8080. Here you see my Mac’s IP address of

That’s it! Now just wait for an app on your iPhone to initiate outbound traffic. The proxy will capture and record it.
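Once requests are showing up in the proxy, the question from the start of this post is whether any of them carries your address book. The following is an added example, not part of the original post and not mitmproxy's own code: it takes one captured request as raw text and lists the e-mail addresses and phone numbers found in its form-encoded or JSON body. The helper names, the sample request, and the bulk threshold of 3 are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qsl

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

# Constructed sample request, shaped like one copied out of the proxy's view.
SAMPLE_REQUEST = (
    "POST /v1/contacts/sync HTTP/1.1\r\n"
    "Host: api.example.com\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"contacts": [{"name": "Ann Lee", "email": "ann@example.org", "phone": "+1 555 010 0199"}, '
    '{"name": "Bob Ray", "email": "bob@example.net", "phone": "+1 555 010 0142"}]}'
)

def parse_request(raw):
    """Split a raw HTTP request into path, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    first, *rest = head.split("\r\n")
    headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(":") for h in rest)}
    return first.split(" ")[1], headers, body

def body_strings(headers, body):
    """Return the string values carried in a form-encoded or JSON body."""
    ctype = headers.get("content-type", "").lower()
    if "x-www-form-urlencoded" in ctype:
        return [value for _key, value in parse_qsl(body)]
    try:
        stack = [json.loads(body)] if "json" in ctype else [body]
    except ValueError:
        stack = [body]  # malformed JSON: fall back to scanning the raw text
    found = []
    while stack:  # walk nested objects and arrays without recursion
        item = stack.pop()
        if isinstance(item, (dict, list)):
            stack.extend(item.values() if isinstance(item, dict) else item)
        elif isinstance(item, str):
            found.append(item)
    return found

def audit_request(raw, bulk_threshold=3):
    """Report contact-like values in one outbound request (hypothetical helper)."""
    path, headers, body = parse_request(raw)
    strings = body_strings(headers, body)
    emails = sorted({m for s in strings for m in EMAIL_RE.findall(s)})
    phones = sorted({m for s in strings for m in PHONE_RE.findall(s)})
    return {"host": headers.get("host"), "path": path, "emails": emails,
            "phones": phones, "bulk": len(emails) + len(phones) >= bulk_threshold}
```

Calling `audit_request(SAMPLE_REQUEST)` returns a dictionary whose `bulk` flag is set when a single request carries several contact-like values, which is the pattern to look for when checking an app for address-book uploads.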

Using code compiled for an older iOS SDK

With the ever-increasing speed of iOS updates from Apple, it’s inevitable you might come across some code written to the 3.x SDK. When you open the project in Xcode, you see the code’s frameworks in glaring red:

Selecting the active picker, you can see evidence of the missing SDK:

To fix this, open Project-Edit Active Target, and find the entry for Base SDK. Click the value column across from this entry, and select your current SDK:

Now restart Xcode, and you will see that the red highlights on the Frameworks have disappeared. The project will now use your current SDK, rather than complaining about the older, missing 3.x SDK: