Intercepting API calls of your iOS app

https://upload.wikimedia.org/wikipedia/commons/1/15/Brent_Grimes-Hamburg_Sea_Devils.jpg

When you work with APIs, you rely on the vendors API documentation.
However, API documentation is often not up to date or might be missing the latest API changes.

In this blog, I will describe how to intercept API calls from an iOS app.

What you need to get started:

Let’s get started:

  1. Install and start Charles Proxy
  2. Configure proxy settings in Charles Proxy

    charles_proxy_settings
    Charles Proxy – Settings
  3. Configure the proxy on your iPhone (Settings -> Wi-Fi -> Wi-Fi name -> Set HTTP PROXY to Manual

    iPhone Proxy Settings
    iPhone Proxy Settings
  4. Start recording in Charles Proxy

    Charles Proxy Start Recording
    Charles Proxy – Start Recording
  5. Start using your iOS app and see all HTTP & HTTPS calls being populated under Structure
    Charles Proxy - Results
    Charles Proxy – Results

    You can open up each result and take a look at most of the details including any responses.

    TIP: Depending on the number of apps on your iPhone, you might want to filter for a specific URL like in Charles Proxy’s recording settings. This will greatly reduce the number of intercepted calls.