How to sniff your iPhone's outbound traffic.

In the wake of the Path address-book uploading fiasco, I wanted to see what traffic *my* iPhone was sending out. A chatty iPhone app can also be a huge battery drain.

This tutorial assumes that your iPhone is using WiFi to connect to the same network your Mac is connected to. The first tool you will need is the Python-based Mitmproxy (“Man-In-The-Middle”), which is available here. You will also need Urwid, a console user interface library for Python. Download the current, stable binary versions of both of these programs (0.6 and 1.01 at the time of this writing). Then simply un-tar them to folders on your desktop.

Open a command prompt and change directory into the urwid-1.0.1 directory. Run the install script with the following invocation:

$ sudo python setup.py install
running install
running bdist_egg
running egg_info
creating urwid.egg-info
writing urwid.egg-info/PKG-INFO
...

Note that some of the echoed installation lines are not shown here. Exit from the urwid directory, and change directory into the mitmproxy-0.6.3 directory. From there, run the installation script:

$ sudo python setup.py install
Password:
running install
running build
running build_py
creating build
creating build
...

That’s it! You are now ready to start sniffing your iPhone! Run an “ifconfig” command at the command prompt to obtain the IP address of your Mac. On my Mac, the IP address is 192.168.1.100 on interface en0:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 50:e5:49:5e:3b:5c
inet6 fe80::52e5:49ff:fe5e:3b5c%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (1000baseT <full-duplex>)
status: active

While still in the mitmproxy directory, start mitmproxy by typing “mitmproxy” at the command line. A blank Python window will pop up, ready to receive input.

After that, grab your iPhone and enable WiFi. After it starts running, click the right arrow next to your SSID to access its properties:

Scroll down to the HTTP Proxy section, and enter your desktop’s IP address and port 8080. Here you see my Mac’s IP address of 192.168.1.100.
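An added example (not part of the original post): a shell check for the tutorial's assumption that the phone and the Mac share a network. It parses macOS-style ifconfig output and prints the proxy values to enter on the phone. The sample ifconfig text, the phone address and the function names are constructed for illustration.

```shell
# Constructed sample in macOS ifconfig layout; the en0 values are the ones shown above.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 50:e5:49:5e:3b:5c
    inet6 fe80::52e5:49ff:fe5e:3b5c%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
    status: active'

# Print "<ipv4> <netmask>" for interface $1, reading ifconfig text on stdin.
iface_inet() {
    awk -v ifc="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # unindented line starts a new interface
        cur == ifc && $1 == "inet" && $3 == "netmask" { print $2, $4; exit }
    '
}

# Convert a dotted-quad address to an integer; fails on anything but four fields.
ip_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed when addresses $1 and $2 share a network under mask $3.
# macOS prints the mask in hex (0xffffff00); dotted form is accepted too.
same_subnet() (
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") || exit 2
    case $3 in
        0x*) m=$(( $3 )) ;;
        *)   m=$(ip_to_int "$3") || exit 2 ;;
    esac
    [ $(( a & m )) -eq $(( b & m )) ]
)

# Print the HTTP Proxy values for the phone, or fail if the phone ($2) is not
# on the Mac's network. $3 is the proxy port, defaulting to 8080 as used above.
proxy_settings() (
    inet=$(iface_inet "$1")
    [ -n "$inet" ] || { echo "no IPv4 address on $1" >&2; exit 1; }
    mac_ip=${inet% *} mask=${inet#* }
    same_subnet "$mac_ip" "$2" "$mask" ||
        { echo "$2 is not on the same network as $mac_ip" >&2; exit 1; }
    echo "Server: $mac_ip  Port: ${3:-8080}"
)

# 192.168.1.23 is a hypothetical phone address. On a real Mac: ifconfig | proxy_settings en0 <phone-ip>
printf '%s\n' "$SAMPLE_IFCONFIG" | proxy_settings en0 192.168.1.23
```

A non-zero exit usually means the phone has joined a different SSID or a guest network, in which case the proxy on the Mac is not directly reachable from it.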

That’s it! Now just wait for an app on your iPhone to initiate outbound traffic. The proxy will capture and record it, like this:
