[Bug]: Network requests are not intercepted for iOS apps built on Dart using Flutter #558

Open
1 task done
bhavukjain1 opened this issue Mar 4, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@bhavukjain1

Has this been reported before?

  • I have checked for existing reports of this issue

Repro steps

The API requests generated on iOS apps built on Dart using Flutter are not intercepted by HTTP Toolkit. Steps to reproduce:

  1. Configure an iOS device with HTTP Toolkit.
  2. Run HTTP Toolkit on macOS (version 1.14.10).
  3. Download the demo flutter app - https://github.com/bhavukjain1/flutter_rest_api
  4. Run this on a physical iOS device.
  5. In the iOS app, click on Fetch User Data

Ideally this should make an API call to https://bhavukjain.com/, but it is not intercepted by HTTP Toolkit on macOS.

How often does this bug happen?

Every time

The desktop OS you're using

MacOS 14.3

Details of other apps/devices

iOS 17.3

Error screenshot

No response

Any other info?

No response

@bhavukjain1 bhavukjain1 added the bug Something isn't working label Mar 4, 2024
@pimterry
Member

pimterry commented Mar 4, 2024

Ah, I see! Sorry, from your Twitter comment I assumed that iOS wasn't working for you at all. Sounds like it is, it's just not working for Flutter requests specifically.

That is a known problem, and yes right now workarounds like hosting a custom VPN are the best options I think. I have a few alternatives I'm working on though! I'd be interested in what you think:

  • Focusing on jailbroken/simulator/debuggable app use cases, where Frida can be used to redirect traffic manually with no VPN required. This would be able to target a single app in isolation, and can also handle certificate setup & unpinning automatically en route. This is mostly automation & simplified setup around the existing Frida scripts I shared on Twitter.
  • Building a VPN-like network extension, effectively using the iOS VPN APIs to rewrite traffic as it leaves the device, but without actually needing a VPN server anywhere (this is how the Android app works, more info here: https://httptoolkit.com/blog/inspecting-android-http/). This would work on non-jailbroken devices, but it's quite complicated to develop, would still require manual cert setup, and wouldn't be able to help with unpinning at all.

Any thoughts on what would work best for the kind of use cases you see?

I'll keep this issue open regardless - it's a good point, and I'm definitely interested in finding proper automated solutions to this in future.

@bhavukjain1
Author

No worries! I'm keen on looking out for solutions other than VPN for non-jailbroken devices, but it seems to be quite a task at the moment.
