Telerik Fiddler: Having issues decrypting https from Iphone 10s - telerik

I am trying to capture https traffic from a specific application on IOS. It's not working. I went through all the legit steps and 1. Installed Bouncy Castle, installed IOS compatible certificate on IOS device, then told it to use my computer as a proxy, and trusted the certificate on IOS. I can now decode "some" https traffic but it isn't decoding the traffic from the app i'm trying to sniff the api from.
I did this exact scenario on android with mixed results because android stored the certificate in the "user" storage so i had to actually patch the apk i was monitoring. I was under the impression that jumping through hoops like that weren't necessary on IOS though. Any ideas?
Note: A fiddler everywhere answer is fine too. I have a trial set up to test it.

Related

Apple Shortcut HTTPs not working on Apple Watch

I use the cool feature in Apple Shortcut to request some HTTP REST commands of my Smarthome via my Webserver. I use an apache2 with Lets Encrypt certificates.
This is working fine on my iPad and on my iPhone but unfortunately not on my Apple Watch. I get always: The certificate for this server is invalid. You might connecting to a server that is pretending to be "my.domain.com" which could put your confidential information at risk.
I use the "URL" command in Apple shortcuts with "Network".
I am not sure how to handle this. On all my Apple devices the short cuts are working but not on the Apple Watch. I restarted the watch already.
Thanks
I found the solution on myself.
First I tested the certificate with https://ssllabs.com from Qualys. This site tests the certificate. The result showed that the chainfile will not be downloaded from the apache2. The mistake was that I forgot to add the "SSLCertificateChainFile" to the configuration.
Now my apache2 SSL configuration is rate A+ and the shortcuts are working again with the Apple Watch.
Why the error only occured on the apple watch and not on the other apple devices too I don't know.
Thanks

How do I fix xamarin.ios app crash on launch in iPhone 8 cellular data?

We have develop a xamarin.ios app thats work fine on all iPhone and iPad except iPhone 8. Its crashed on launch in iPhone 8 on cellular data. Its working good on wifi. I don’t have iPhone 8 device right now, so I am checking it on simulator. But simulator using wifi and its working good on simulator. How can I identify the problem and how to solve it?
FYI we are consuming a service on app launch that need an active internet. Any idea, Please reply.
This should really be a comment, but I don't have the reputation for one.
Without knowing what is happening when your app has launched, have you tried testing your app without a Wi-Fi or data connection?
The issue might be that your clients device is getting a different response from the service that you have not accounted for and this might be causing exceptions etc.
We are checking on IPv6 network but our API was not compatible to IPv6. When we change the network to IPv4, Its work perfectly. But as per apple guidelines we must have to compatible our API to IPv6 network.

What Certificate for signing an Ionic (Cordova) Windows 10 UWP application?

I have an Ionic application, which is currently deployed to the Apple and Android stores. I Now wish to deploy to the Windows store. I have Visual Studio 2015 and have built running the Ionic CLI. I see a lot of created files, including a CordovaApp.Windows10_1.0.0.43_x86.appx
For iOS, the signing is handled via the xcode / developers console, and for Android I created using the keytool which is part of the JDK. Now for Windows..
I have found this on certificates, and this on signing.
I just want to see if I have this understanding correct before I do anything.... so unlike the iOS and Android, where I can just sign, with no extra cost, for the UWP, you actually need to purchase a certificate, just like you do for SSL, to use for the signing of a UWP? Also the app uses SSL (makes https calls to a server via SSL) - not sure if this makes any difference to the certificate required (as when I ran in debug, the https call seemed to be blocked).
Thanks in advance for any information!
I just want to see if I have this understanding correct before I do anything.... so unlike the iOS and Android, where I can just sign, with no extra cost, for the UWP, you actually need to purchase a certificate, just like you do for SSL, to use for the signing of a UWP?
No, you don't need to purchase an certificate to publish your app to store. You only need to create a certificate for package signing, for details, please refer to Create a certificate for package signing. Then you can sign your app using SignTool, please refer to Sign an app package using SignTool.
After that, when you are submitting your app, you will need to have a developer account, which requires some monetary cost,

iOS 8 / Xcode 6 Simulator is not using HTTP Proxy anymore

My iOS 8 Simulator is not using my proxy settings anymore (I want to debug with Charles). The rest of the system does. The simulator somehow seems to get direct internet access. Have I missed some new setting?
Caution: this is NO dup of How to use Charles Proxy on the Xcode 6 (iOS 8) Simulator?. I´m not trying to use SSL on the simulator in the first place. My simulator doesn´t even start to use the proxy.
Charles:
System:
Restart the simulator between proxy changes
This is correct. Proxy settings that are setup on the host are not necessarily usable by the simulated runtime. If your proxy server requires authentication, you will not be able to use it in the iOS Simulator due to the simulator and host not sharing the same keychain. If you rely on this functionality, please file a radar at http://bugreport.apple.com and request an alternative.
Also note that this is discussed in the Xcode 6 Release Notes:
iOS Simulator does not support the use of network proxy servers that require authentication. (14889876)
Do not forget the HTTPS:
Set Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
Restart the simulator after proxy changes

Publishing Mac App on App Store

We are developing an application for our client and he wanted us to build App so he can publish the app over the Mac App store,
As of now we don't have Mac Developer Id, and we have received App Id from the client,
My question is, is it possible to make build only using App Id ?
I guess with App ID you mean something like "com.company.product".
Getting an Application for OS X to the App store is not an easy task (compared to iPhone/iPad).
To sign the App you need the public/private Key pair and a couple of certificates from your client.
The convenient way to upload the app to apple is done using Xcode.
Does the client use Xcode? If your client uses Xcode, then your client can do all the signing stuff. Then your client needs just the source code.
If your client needs a signed binary, then it's not obvious HOW he gets the app to the Appstore. There is a tool which can be used to upload the binary: "Application Loader.app"
(Here is a similar SO question which describes the toolchain: How to submit an iOS app WITHOUT XCode?)
If you need to deliver your results to your client as a signed bundle then you need all Certificates from the client. Your code must have all entitlements set. Uploading this code without testing your entitlements on your local machine is like driving a car blindfolded.
However: If you need to deliver a signed binary to your client, then you need all certificates.
If you will distribute the code to the client, it's not a problem delivering an unsigned binary to the client. Apps can be executed without code signing. Even without an valid AppID your code may be executed.
If your client has knowledge about Mac development, this should be no problem. If your client't doesn't know anything about Mac development, you should get access to his Mac-Developer account and do it for him.
Conclusion: The AppID is just a string to identify the app. If your client does the code signing stuff and uploading to Apple by himself using Xcode, then you need nothing else.
If you should use iCloud or App-Sandboxing (Entitlements) then you NEED certificates from your client.

Resources