How to capture network traffic from iPhone with tcpdump

kali null
2 min read, Aug 12, 2019

After returning from DefCon I wanted to make sure my iPhone is not communicating with any sketchy servers out there. So I decided to run a quick tcpdump on the traffic, and here is how to do it:

First you need to install Xcode. Once you have created a project and connected your iPhone, choose your device in the Devices tab and tap “Trust” on the phone.

Then move to iTunes and click on the Serial Number field to reveal the UDID of the device.

Next, double-check that you have rvictl installed. Typically it comes preinstalled with Xcode:

which rvictl

Run rvictl -s <UDID> (the -s flag starts the remote virtual interface; -x <UDID> removes it again when you are done). This will bring up the rvi0 interface.

Now you can run tcpdump and analyze the traffic in Wireshark!

sudo tcpdump -ni rvi0 -s0 -w iostraffic.pcap

-n turns off name resolution, -i selects the rvi0 interface, -s0 captures whole packets instead of truncating them at the default snap length, and -w writes the raw capture to the iostraffic.pcap file.
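The steps above combined into one script, as an added example that is not part of the original post: it validates the UDID, starts the rvi interface, captures with the same tcpdump flags, tears the interface down again, and lists the destinations the phone talked to most. It assumes macOS with Xcode's rvictl and tcpdump on the PATH; the `rvictl -l` listing format and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes macOS with Xcode (rvictl)
# and tcpdump on the PATH; the 'rvictl -l' listing format is assumed.
set -u

# UDIDs are either 40 hex chars (older devices) or 8 hex + '-' + 16 hex (newer).
validate_udid() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Read 'rvictl -l' output on stdin and print the interface bound to UDID $1,
# assuming lines such as "[1] <UDID> with interface rvi0".
parse_rvi_iface() {
    awk -v udid="$1" 'index($0, udid) && $(NF-1) == "interface" { print $NF; exit }'
}

# Read 'tcpdump -n' text on stdin and print "count destination" for the $1 most
# frequent destination host.port pairs (field 5, trailing ':' removed; both
# directions are counted, so the phone's own ports show up as well).
count_destinations() {
    awk '($2 == "IP" || $2 == "IP6") { sub(/:$/, "", $5); print $5 }' \
        | sort | uniq -c | sort -k1,1rn -k2,2 | awk '{ print $1, $2 }' | head -n "${1:-10}"
}

# Constructed sample of 'tcpdump -n' output, used to exercise count_destinations offline.
SAMPLE_TCPDUMP='12:00:00.000001 IP 10.0.0.5.54321 > 93.184.216.34.443: Flags [S], seq 1, length 0
12:00:00.000002 IP 93.184.216.34.443 > 10.0.0.5.54321: Flags [S.], seq 1, ack 2, length 0
12:00:00.000003 IP 10.0.0.5.54322 > 93.184.216.34.443: Flags [S], seq 3, length 0
12:00:00.000004 IP 10.0.0.5.54323 > 198.51.100.7.80: Flags [S], seq 4, length 0'

main() {
    udid="$1"; out="${2:-iostraffic.pcap}"
    validate_udid "$udid" || { echo "UDID does not look valid: $udid" >&2; return 1; }
    command -v rvictl >/dev/null || { echo "rvictl not found; install Xcode" >&2; return 1; }
    rvictl -s "$udid" || return 1          # -s starts the rvi interface, -x removes it
    trap 'rvictl -x "$udid"' EXIT          # tear down even if tcpdump is interrupted
    iface=$(rvictl -l | parse_rvi_iface "$udid")
    [ -n "$iface" ] || { echo "no rvi interface for $udid" >&2; return 1; }
    echo "capturing on $iface into $out (Ctrl-C to stop)"
    trap ':' INT                           # let Ctrl-C stop tcpdump, not this script
    sudo tcpdump -ni "$iface" -s0 -w "$out"
    echo "top destinations in $out:"
    tcpdump -nr "$out" | count_destinations 10
}

# Run only when a UDID is given, so the functions can also be sourced or tested.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./capture.sh <UDID> [output.pcap]`; the final summary is the quick first look at which servers showed up before opening the pcap in Wireshark.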

Profit!

Bitcoin tip jar: bc1qgpl6lhf09j6kcdvkh8cz90p4cfxuyfec3ecjrd

Ethereum tip jar: 0x7e0Bf6D50b5F5fcbf76A16Bd5285CE0c74C063a9

kali null

security researcher and penetration tester. twitter: @kali_null