{"id":16668889,"url":"https://github.com/doronz88/harlogger","last_synced_at":"2025-04-06T07:11:18.031Z","repository":{"id":53918333,"uuid":"350311704","full_name":"doronz88/harlogger","owner":"doronz88","description":"Simple utility for sniffing decrypted HTTP/HTTPS traffic on a macOS/iOS device (either jailbroken or not)","archived":false,"fork":false,"pushed_at":"2024-09-15T11:53:52.000Z","size":8601,"stargazers_count":156,"open_issues_count":0,"forks_count":20,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-02T23:07:35.586Z","etag":null,"topics":["har","http","https","ios","jailbroken","sniffer"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doronz88.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-22T11:07:09.000Z","updated_at":"2025-04-02T09:31:15.000Z","dependencies_parsed_at":"2024-01-30T10:30:10.852Z","dependency_job_id":"c9ba2b87-cd1f-4593-b790-3b0bcdd0636a","html_url":"https://github.com/doronz88/harlogger","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doronz88%2Fharlogger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doronz88%2Fharlogger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doronz88%2Fharlogger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doronz88%2Fharlogger/manifests","owner_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doronz88","download_url":"https://codeload.github.com/doronz88/harlogger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247445669,"owners_count":20939958,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["har","http","https","ios","jailbroken","sniffer"],"created_at":"2024-10-12T11:27:55.241Z","updated_at":"2025-04-06T07:11:18.002Z","avatar_url":"https://github.com/doronz88.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"- [Description](#description)\n- [Installation](#installation)\n- [Profile method for macOS host](#profile-method-for-macos-host)\n  * [Howto](#howto)\n- [Profile method for non-jailbroken devices](#profile-method-for-non-jailbroken-devices)\n  * [Howto](#howto-1)\n- [Secret preference method for jailbroken devices](#secret-preference-method-for-jailbroken-devices)\n  * [Howto](#howto-2)\n- [Enable HTTP instrumentation method](#enable-http-instrumentation-method)\n\n# Description\n\nSimple pure python utility for sniffing HTTP/HTTPS decrypted traffic recorded by one of Apple's not-so-well documented\nAPIs.\n\n# Installation\n\n```shell\npython3 -m pip install -U harlogger\n```\n\n# Profile method for macOS host\n\nThis method applies to Apple's CFNetwork profile. This profile is meant for debugging processes using the CFNetwork\nframework. 
**This method doesn't include the request/response body.**\n\n## Howto\n\n- Download\n  Apple's [CFNetwork profile for macOS](https://developer.apple.com/services-account/download?path=/iOS/iOS_Logs/NetworkDiagnostic.mobileconfig):\n\n\n- Install it using double-click\n\n- That's it! :) You can now just start sniffing out everything using:\n    ```shell\n    python3 -m harlogger profile\n    ```\n\n# Profile method for non-jailbroken devices\n\nThis method applies to Apple's CFNetwork profile. This profile is meant for debugging processes using the CFNetwork\nframework. **This method doesn't include the request/response body.**\n\n## Howto\n\n- Download\n  Apple's [CFNetwork profile for iOS](https://developer.apple.com/services-account/download?path=/iOS/iOS_Logs/CFNetworkDiagnostics.mobileconfig):\n\n- Install it via any way you prefer. I'm using [`pymobiledevice3`](https://github.com/doronz88/pymobiledevice3):\n\n    ```shell\n    # if you don't already have it\n    python3 -m pip install -U pymobiledevice3\n    \n    # install the profile\n    pymobiledevice3 profile install CFNetworkDiagnostics.mobileconfig\n    ```\n\n- That's it! 
:) You can now just start sniffing out everything using:\n    ```shell\n    python3 -m harlogger mobile profile\n    ```\n\nOutput should look like:\n\n```\n➜  harlogger git:(master) ✗ python3 -m harlogger profile\n➡️️   POST https://www.bing.com/fd/ls/lsp.aspx HTTP/1.1\nAccept: */*\nContent-Type: text/xml\nOrigin: https://www.bing.com\nAccept-Encoding: gzip, deflate, br\nCookie: SRCHHPGUSR=CW=414\u0026CH=622\u0026SW=414\u0026SH=736\u0026DPR=3\u0026UTC=180\u0026DM=1\u0026SRCHLANG=en\u0026HV=1634801804; _HPVN=CS=eyJQbiI6eyJDbiI6MiwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MiwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MiwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMS0xMC0yMVQwMDowMDowMFoiLCJJb3RkIjowLCJEZnQiOm51bGwsIk12cyI6MCwiRmx0IjowLCJJbXAiOjEwfQ==; SUID=M; _EDGE_S=SID=1BF42681120765EF1EA73656137A640E; _SS=SID=1BF42681120765EF1EA73656137A640E; MUID=1B0D347B85756FDD055524B284086E36; SRCHD=AF=NOFORM; SRCHUID=V=2\u0026GUID=5B989717430E450D9314C927C97602C9\u0026dmnchg=1; SRCHUSR=DOB=20211007; _EDGE_V=1; MUIDB=1B0D347B85756FDD055524B284086E36\nUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1\nReferer: https://www.bing.com/\nContent-Length: 458\nAccept-Language: en-us\n\n⬅️   HTTP/2.0 204 (request POST https://www.bing.com/fd/ls/lsp.aspx HTTP/1.1)\nx-msedge-ref: Ref A: E5B5AE34FBA148E6BDFFBF421B940462 Ref B: VIEEDGE1816 Ref C: 2021-10-21T07:36:44Z\nDate: Thu, 21 Oct 2021 07:36:44 GMT\nx-cache: CONFIG_NOCACHE\nAccess-Control-Allow-Origin: *\n```\n\n# Secret preference method for jailbroken devices\n\niOS 14.x devices contain a hidden feature for sniffing decrypted HTTP/HTTPS traffic from all processes using the\nCFNetwork framework into an [HAR](https://en.wikipedia.org/wiki/HAR_(file_format).)\nformat. 
To trigger this feature on a jailbroken device, you can simply place the correct configuration\nfor `com.apple.CFNetwork` and trigger the `com.apple.CFNetwork.har-capture-update` notification.\n**This method includes the request/response body as well.**\n\n**iOS 13.x and earlier don't have this feature.**\n\n## Howto\n\n- Put [com.apple.CFNetwork.plist](./com.apple.CFNetwork.plist) inside `/var/mobile/Library/Preferences/`\n- Restart the device\n- That's it! :) You can now just start sniffing out everything using:\n    ```shell\n    python3 -m harlogger preference\n    ```\n\nOutput should look like:\n\n```\n➜  harlogger git:(master) ✗ python3 -m harlogger mobile preference\n➡️   CFNetwork(1140) POST https://www.bing.com/fd/ls/lsp.aspx\nPOST /fd/ls/lsp.aspx HTTP/2.0\nAccept: */*\nContent-Type: text/plain\nOrigin: https://www.bing.com\nCache-Control: max-age=0\nContent-Length: 472\nAccept-Language: en-us\nUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1\nAccept-Encoding: gzip, deflate, br\nReferer: https://www.bing.com/\n\n⬅️   CFNetwork(1140) 0\n➡️   CFNetwork(1140) POST https://www.bing.com/fd/ls/lsp.aspx\nPOST /fd/ls/lsp.aspx HTTP/2.0\nAccept: */*\nContent-Type: text/xml\nOrigin: https://www.bing.com\nContent-Length: 378\nAccept-Language: en-us\nHost: www.bing.com\nUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1\nReferer: https://www.bing.com/\nAccept-Encoding: gzip, deflate, br\nConnection: 
keep-alive\n\n\u003cClientInstRequest\u003e\u003cEvents\u003e\u003cE\u003e\u003cT\u003eEvent.ClientInst\u003c/T\u003e\u003cIG\u003eEB94C422BC394F90A876D39A790BECBC\u003c/IG\u003e\u003cTS\u003e1634801882467\u003c/TS\u003e\u003cD\u003e\u003c![CDATA[[{\"T\":\"CI.BoxModel\",\"FID\":\"CI\",\"Name\":\"v2.8\",\"SV\":\"4\",\"P\":{\"C\":1,\"N\":5,\"I\":\"5iv\",\"S\":\"V\",\"M\":\"V+L+M+MT+E+N+C+K+BD\",\"T\":1669960,\"F\":0},\"V\":\"zrpx/////////visible/+zryw/////////hidden/@p\"}]]]\u003e\u003c/D\u003e\u003c/E\u003e\u003c/Events\u003e\u003cSTS\u003e1634801882467\u003c/STS\u003e\u003c/ClientInstRequest\u003e\n```\n\n# Enable HTTP instrumentation method\n\nStarting with iOS 15.0, the device requires the target process to meet any of the following requirements:\n\n- `com.apple.private.cfnetwork.har-capture-delegation` entitlement\n- `get-task-allow` entitlement\n- `com.apple.security.get-task-allow` entitlement\n- OS build to be in `debug` mode\n\nIn order to make the device enable HAR logging you may\nuse [`pymobiledevice3`](https://github.com/doronz88/pymobiledevice3) as follows:\n\n```shell\npython3 -m pymobiledevice3 developer dvt har\n```\n\nNow you can start sniffing using the preference method:\n\n```shell\npython3 -m harlogger preference\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoronz88%2Fharlogger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoronz88%2Fharlogger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoronz88%2Fharlogger/lists"}