iOS Reverse Engineering

[crylonblue]

Hey, i am currently trying to do your thing in python and for iOS.

I am trying to use frida for the ssl unpinning and mitmproxy for getting the traffic. But mitmproxy is unable to show the data properly. Any tips on reverse engineering the ig mqtt api on iOS?

Thanks in advance

[Nerixyz]

I haven't looked at ios.

[crylonblue]

Should be the same, the only difference i saw so far, that on android, the session gets saved in a cookie. In ios the Bearer-Token is present in the request header.

[Nerixyz]

In ios the Bearer-Token is present in the request header.

Android uses the token as well.

[crylonblue]

I think for the most part, it should be the same.
Any tipps on reverse engineering in ios? My current setup is wireshark, with mitm proxy transparent, and frida for ssl unpin. Anything I have to lookout for and maybe some resources where i can find something about mqttot?

[Nerixyz]

Any tipps on reverse engineering in ios?

I have never done iOS RE.

Anything I have to lookout for and maybe some resources where i can find something about mqttot?

MQTToT isn't a standard. You can look here on how it's different from regular MQTT 3/3.1.