When doing network analysis there is 2 goal

• Check for insecure data communication
• To understand how the application works

Multiple ways to implement network using such as URLSession, Network.framework or CFNetwork

App Transport Security (ATS) is a privacy feature and data integrity that force application to use secure communication (HTTPS) instead of insecure (HTTP) and it's enabled by default.

Bypassing secure communication

Manually

Remove the ssl pinning method in the binary, or create frida script to return false on the checks

Automatic

SSL Kill Switch 2

Kill terminate all SSL/TLS Communication for all apps.

You can download SSL Kill Switch 2 from Cydia.

Objection

use the ios sslpinning disable function.

iron@MacOS DVIA % objection -g "DVIA-v2" explore
Using USB device `iPhone`
Agent injected and responds ok!

     _   _         _   _
 ___| |_|_|___ ___| |_|_|___ ___
| . | . | | -_|  _|  _| | . |   |
|___|___| |___|___|_| |_|___|_|_|
      |___|(object)inject(ion) v1.11.0

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
* on (iPhone: 14.6) [usb] # ios sslpinning disable
(agent) Hooking common framework methods
(agent) Found NSURLSession based classes. Hooking known pinning methods.
(agent) Hooking lower level SSL methods
(agent) Hooking lower level TLS methods
(agent) Hooking BoringSSL methods
(agent) Registering job 515480. Type: ios-sslpinning-disable
* on (iPhone: 14.6) [usb] # (agent) [515480] Called SSL_CTX_set_custom_verify(), setting custom callback.
(agent) [515480] Called custom SSL context verify callback, returning SSL_VERIFY_NONE.
* on (iPhone: 14.6) [usb] # 
* on (iPhone: 14.6) [usb] # 

Capture Traffic

1. Installed Burp on a computer
2. Configure the burp proxy to listen on all interfaces
3. Set the IP for the computer with Burp as the HTTP Proxy in the iOS WiFi settings