Oğuzhan Varsak

Oğuzhan Varsak


Monitoring iOS HTTPS Network Traffic

In an attempt to explore Apple’s Find My Friends API, I was led to monitor the network requests coming from my iPhone 6s and actually finding some rather interesting responses.

For this guide I have used the Charles app for Mac OSX and my iPhone 6s, although this guide and the Charles app could be applied to any other OS and hardware.


Step 1: Download

Download a copy at here and install on your machine. Note, this app is $50 USD (includes 4 licences) but is free on a trail for 30 days.

Upon first run, you will start to see SSL requests coming in their encrypted form, we will need to perform an SSL “man in the middle attack” on ourselves to view the data unencrypted

Encrypted Requests


Step 2: Install Root Certificate Authority (CA) on your Mac

Go to this path:

Help > SSL Proxying > Save Charles Root Certificate

Double click to install the certificate, this should open “Keychain Access” then search “Charles Proxy CA”, right click on the certificate > Get Info, open the “Trust” menu and select from the dropdown “When using this certificate” to “Always Trust”.

Go back to the Charles App and go to menu

 Proxy > SSL Proxy Settings... 

add host “*” and port “*” to the Locations list. Make sure to restart your browser so it now uses the new Root Certificate.


This will allow you to monitor SSL requests by Charles on your machine!

Step 3: Setup your Phone

You will need to send the certificate you had saved above via email to an active email account on your iOS device and be using the Apple Mail App (unfortunately, going to the recommended http://chls.pro/ssl in Safari does not install the certificate). Click on the attached certificate in the email message and this view below should appear, install the profile:


Next, find out the IP of your machine (Will be in network settings) and make sure that both your iOS and Desktop OS Machine devices are connected to the same network then navigate to

Settings App > Wi-Fi > WifiName Settings > HTTP Proxy > Manual

then enter Server: x.x.x.x (the local address of your machine found above) and Port: 8888

Wi-Fi Settings Page



Then go back to Charles App and click “Allow” on the popup asking for permission


You should now see requests coming in from your device!

My Instagram Feed!


Chris Southcott’s Location data on Apple’s “Find My Friends

Last Step: Cleanup

When you are done, revert back to a legitimate CA Root by deleting the “Charles Proxy CA” certificate on the Mac in the Keychain Access App and on iOS by going to General > Profile > Charles Proxy and deleting the certificate.


  1. Avatarvurtil opmer

    Great beat ! I would like to apprentice even as you amend your website, how can i subscribe for a weblog web site? The account helped me a acceptable deal. I have been a little bit acquainted of this your broadcast offered brilliant clear concept



Your email address will not be published. Required fields are marked *