有时我们在开发iOS APP时,需要抓取iOS设备的网络包.下面根据我实际工作经验,给出如下几个思路:

通过路由器

可以将iOS设备连接到一个可以抓包的路由器,抓取流向或流出iOS设备的包.

通过MAC电脑

可以通过MAC共享“因特网”特性,不管是“蓝牙”还是“以太网”,只要将iOS设备连接之,就可以抓取流向或流出iOS设备的包.

远程虚拟接口

MAC提供了Remote Virtual Interface, 允许用户将iOS网卡设备映射到本地,再通过抓包工具tcpdump就可以查看流向或流出iOS设备的包.

rvictl [-h][-l][-s \<udid1\> ... \<udidN\>][-x \<udid1\> ... \<udidN\>]

Remote Virtual Interface Tool starts and stops a remote packet capture instance 
for any set of attached mobile devices. It can also provide feedback on any attached 
devices that are currently relaying packets back to this host. 

Options:
	-l, -L		List currently active devices
	-s, -S		Start a device or set of devices
	-x, -X		Stop a device or set of devices

具体操作流程:

  • 通过usb将iOS设备连接到MAC电脑.
  • 获取到iOS设备的uuid,并通过rvictl映射
      StarnetdeMacBook-Pro:PPDragDropBadgeView starnet$ rvictl -s 690a505acd5ea06233a2c10c173907c135070ace
    Starting device 690a505acd5ea06233a2c10c173907c135070ace [SUCCEEDED] with interface rvi0
      

    可以看到系统将其映射到rvi0,通过ifconfig可以查看结果

      ...
      awdl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1452
              ether 92:6b:b4:55:73:9f 
              inet6 fe80::906b:b4ff:fe55:739f%awdl0 prefixlen 64 scopeid 0x9 
              nd6 options=1
              media: autoselect
              status: active
    rvi0: flags=3005<UP,DEBUG,LINK0,LINK1> mtu 0
    ...
      </pre>
    	
    
  • 利用tcpdump进行抓包
      tcpdump -i rvi0
      
  • 抓包结束后,通过rvictl停止映射
      StarnetdeMacBook-Pro:PPDragDropBadgeView starnet$ rvictl -x 690a505acd5ea06233a2c10c173907c135070ace
    Stopping device 690a505acd5ea06233a2c10c173907c135070ace [SUCCEEDED]