Coundnt use mitmproxy for sniffing SpeedTest in iOS App

benjo · February 15, 2017, 12:26pm

Hi, want to change my mitm tools to mitmproxy and find a problem with Sniffing one iOS App.
It has a Internet SpeedTest Feature that dont works when using Mitmproxy.
Connection Problems also with any passthru config like ignore domain or tcp-raw.
Iam running mitmproxy in Transparent Mode and with iptabels redirect traffic to its port.

Tried to log diffrents between traffic but cant see any reason why this dont work in Mitmproxy.
Maybe something on my side but can someone confirm if he could sniff the Speedtest or at least use Passtru?

App Name: connect
Dev: WEKA Media Publishing GmbH, Store: DE, Version 2.0.3

mhils · February 17, 2017, 1:22pm

Which tool did you use before that worked?

benjo · February 20, 2017, 8:56am

a version of https://github.com/intrepidusgroup/mallory or https://bitbucket.org/IntrepidusGroup/mallory/wiki/Home

mhils · February 21, 2017, 2:04pm

Is this speedtest over UDP or over TCP?

benjo · February 22, 2017, 10:40am

just TCP, no udp.

Data Format is unknown.
Uses packets with [PSH, ACK] flags in both directions.

One difference i can see is that without mitmproxy there are some ECN + CWR flags

direct masq
 TCP	78	49443 → 8083 [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1460 WS=32 TSval=474767230 TSecr=0 SACK_PERM=1
 TCP	74	8083 → 49443 [SYN, ACK, ECN] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=260227485 TSecr=474767230 WS=4
 
with mallory
TCP	78	49441 → 8083 [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1460 WS=32 TSval=474767230 TSecr=0 SACK_PERM=1
TCP	74	8083 → 49441 [SYN, ACK, ECN] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=260227484 TSecr=474767230 WS=4

 and with mitmproxy
 TCP	80	51925 → 8083 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=16 TSval=534287545 TSecr=0 SACK_PERM=1
 TCP	76	8083 → 51925 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=92179 TSecr=534287545 WS=128

mhils · February 22, 2017, 12:45pm

If TCP flags are indeed the problem, there’s not much we can do - sorry. We just operate with plain Python sockets.

benjo · February 22, 2017, 5:02pm

I looked in Mallory as its also in Python.
They also used python sockets with “SOCK_STREAM” for TCP.
But dont know the difference in settings or how they do the data forwarding
The flags maybe even not the problem, was just a thought.

benjo · February 28, 2017, 3:14pm

Is there somthing you can recommend to test or try to find out more?

Topic		Replies	Views
[newbie] intercept iOS on RPi (ubuntu)	1	1141	February 4, 2017
Mitmproxy not picking up traffic	1	4606	June 23, 2017
Need help sniffing traffic between Android/iOS game and its server help	4	4307	October 14, 2016
Configuring iPhone client for Transparent Mode & VPN help	0	1609	June 24, 2018
Simulate slow netowrk connection help	2	3618	August 9, 2016

Coundnt use mitmproxy for sniffing SpeedTest in iOS App

Related Topics