Add debug proxy for tunnel interface #353


dmissmann
Collaborator

We can simply use a pcap library to capture the communication going over the tunnel interface (it's not encrypted at that point).

usbmuxd and utun captured traffic are put into separate subdirectories in a dump. Their content is also slightly different. With utun we already put the service name in the directory name, and we try to decode the content when possible (currently we do this for http2, RemoteXPC and DTX).
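
One way a capture tool can pick a decoder for a captured payload, as an added example that is not code from this pull request: it compares the leading bytes against the HTTP/2 client preface and two 4-byte magics, and never slices past the end of a truncated capture. The `0x29b00b92` value appears in this PR; its little-endian byte order, the fourth DTX magic byte `0x1f`, and all names (`Classify`, `Protocol`) are assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Protocol names the decoder to try for a captured payload (hypothetical type).
type Protocol string

const (
	HTTP2     Protocol = "http2"
	RemoteXPC Protocol = "remotexpc"
	DTX       Protocol = "dtx"
	Unknown   Protocol = "unknown"
)

var (
	// RFC 9113 connection preface; only the client side of a connection sends it.
	http2Preface = []byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
	// Assumed full 4-byte DTX magic; the PR excerpt compares only "y[=".
	dtxMagic = []byte{'y', '[', '=', 0x1f}
)

// Value taken from the PR; little-endian encoding on the wire is an assumption.
const xpcMagic uint32 = 0x29b00b92

// Classify inspects the leading bytes of a payload. Inputs shorter than a
// magic return Unknown instead of panicking on an out-of-range slice.
func Classify(b []byte) Protocol {
	if bytes.HasPrefix(b, http2Preface) {
		return HTTP2
	}
	if len(b) < 4 {
		return Unknown
	}
	if binary.LittleEndian.Uint32(b[:4]) == xpcMagic {
		return RemoteXPC
	}
	if bytes.Equal(b[:4], dtxMagic) {
		return DTX
	}
	return Unknown
}

func main() {
	// Constructed sample inputs, not captured traffic; the last one is truncated.
	for _, s := range [][]byte{http2Preface, {0x92, 0x0b, 0xb0, 0x29, 0x01}, {'y', '[', '=', 0x1f}, {'y', '['}} {
		fmt.Printf("%-10s %x\n", Classify(s), s)
	}
}
```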

@dmissmann dmissmann marked this pull request as ready for review March 6, 2024 08:58
main.go Outdated
@@ -205,11 +206,12 @@ The commands work as following:
> If you wanna speed it up, open apple maps or similar to force network traffic.
> f.ex. "ios launch com.apple.Maps"
ios forward [options] <hostPort> <targetPort> Similar to iproxy, forward a TCP connection to the device.
ios dproxy [--binary] [--mode=<all(default)|usbmuxd|utun>] [--iface=<iface>] [options] Starts the reverse engineering proxy server.
ios dproxy [options] [--binary] [--mode=<all(default)|usbmuxd|utun>] [--iface=<iface> --address=<ipv6addrr> --rsd-port=<port>] Starts the reverse engineering proxy server.
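Review bot: The placeholder `<ipv6addrr>` in the new usage line has a doubled "r"; rename it to `<ipv6addr>` so the help text reads correctly and matches the placeholder name the argument lookup expects. While touching this line, add a short description of what `--address` and `--rsd-port` select, since the text after the pattern still only says "Starts the reverse engineering proxy server."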
Collaborator

Isn't address and port already part of [options]? Ref: https://github.com/danielpaulus/go-ios/blob/main/main.go#L134

The pattern in this snippet used to work for me, haven't tested for a while now:

ios dproxy [--binary] [--mode=<all(default)|usbmuxd|utun>] [--iface=<iface>] [options]


func decodeRemoteDtx(w io.Writer, r io.Reader) error {
for {
m, err := dtx.ReadMessage(r)
Collaborator

I wonder if we can make this work with fragmented messages out of the box, using DecodeNonBlocking() just like it's used by the TestFragmentedMessage unit tests.

if i == 0x29b00b92 {
return remoteXpc
}
if string(b[:3]) == "y[=" {
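Review bot: `string(b[:3])` on the last line panics when `b` holds fewer than three bytes, and no length check is visible in this excerpt; guard it with `len(b) >= 3` or compare with `bytes.HasPrefix`, because the input is captured traffic and may be truncated. The literals `0x29b00b92` and `"y[="` would also be easier to audit as named constants with a comment saying which protocol each one identifies.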
Collaborator

Isn't this magic also 4 bytes long?

outErr := decodeHttp2(outgoing.w, outFile, true)
inErr := decodeHttp2(incoming.w, inFile, false)
if err := errors.Join(outErr, inErr); err != nil {
//return err
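Review bot: The joined error from the two `decodeHttp2` calls is dropped in the visible lines, because the only statement in the `errors.Join` branch is the commented-out `//return err`. Either return the error or log it together with the affected dump files and continue on purpose, and delete the commented-out line so the intended behaviour is explicit.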
Collaborator

Do we want to keep this?

)

func Live(ctx context.Context, iface string, provider ios.RsdPortProvider, dumpDir string) error {
return errors.New("capturing traffic on the utun interface is only supported on MacOS")
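Review bot: The exported `Live` stub has no doc comment in this hunk; add one stating that this is the fallback for platforms without utun capture and which build constraint selects it. The error text also spells the platform "MacOS" where "macOS" is the usual spelling, and a package-level sentinel error would let callers detect the unsupported case with `errors.Is` instead of matching the string.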
Collaborator

Does this still hold true?

Collaborator

Can go-ios sniff tunnels created by itself running on a separate process?

Collaborator Author

It should work on Linux as well. However, after changing it to build everywhere, the build fails on Linux. And I think initially the motivation was that this is mainly used on macOS anyway; I would expect that you always want Xcode/macOS to perform a certain action that we want to capture.
