Intercepting iOS App Traffic Without Frida, reFlutter, or OpenVPN

Introduction

Intercepting mobile application traffic is an important step during mobile application security testing. It helps testers understand how the application communicates with the backend server, what data is being sent, and whether the traffic is properly protected.

Usually, traffic interception on iOS can be done by manually configuring a proxy, using Frida scripts, using reFlutter, or creating an OpenVPN setup. These methods are useful, but they may take time and require extra preparation.

In this blog, I will explain a simpler way to route iOS application traffic through Burp Suite using Potatso, a VPN proxy application.

This method can help intercept traffic from different iOS applications, not only Flutter applications. However, the example in this blog focuses on a Flutter application because Flutter apps sometimes require more setup during testing.

The idea is simple:

The iPhone traffic will be routed through Potatso, then Potatso will forward the traffic to Burp Suite running on the laptop.

The traffic flow will be:

iOS App → Potatso VPN Proxy → Burp Suite → Server

This setup is similar in concept to using Super Proxy on Android. Both approaches use a VPN/proxy application on the mobile device to route application traffic to Burp Suite on the laptop.

In simple words:

Mobile App → VPN/Proxy App → Burp Suite → Server

The difference is that this blog focuses on iOS using Potatso, while Super Proxy is commonly used on Android for a similar purpose.

This approach can be useful when the application does not enforce strong SSL pinning or when the application trusts the iOS system certificate store.

The Problem

Potatso is available on the App Store, but the latest version requires iOS 17 or later.

This creates a problem for many jailbroken testing devices, because most Dopamine jailbreak devices are running iOS 15 or iOS 16.

So, if you try to download Potatso directly from the App Store, the App Store may prevent the installation because the device iOS version is lower than the required version.

To solve this, we can use jailbreak tweaks to download Potatso and then downgrade it to an older version that works on our device.

Requirements:

Before starting, you need the following:

• A jailbroken iPhone using Dopamine.
• Sileo package manager.
• Burp Suite installed on your laptop.
• The iPhone and laptop connected to the same network.
• Potatso VPN proxy application.
• AppStoreTroller tweak.
• AppStore++ tweak.
• PreferenceLoader tweak, if tweak settings do not appear.
• Burp Suite certificate installed and trusted on the iPhone.

Required Sileo Sources:

Open Sileo and add the following sources if they are not already added.

AppStoreTroller

Repository:

https://nathan4s.lol/repo/

Original GitHub project:

https://github.com/mineek/appstoretroller

AppStoreTroller helps bypass the App Store iOS version restriction. This allows us to download or add applications that normally require a newer iOS version.

AppStore++

Repository:

https://cokepokes.github.io/

AppStore++ allows us to downgrade App Store applications to older versions.

In this case, we will use it to downgrade Potatso to a version that works on our current iOS version.

PreferenceLoader

Repository:

https://dhinakg.github.io/repo/

PreferenceLoader is needed if the tweak settings do not appear inside the iPhone Settings application.

#Step 1: Install AppStoreTroller

Open Sileo and install AppStoreTroller.

After installing it, respring the device if required.

Then open the iPhone Settings application and check if AppStoreTroller appears.

If AppStoreTroller does not appear in Settings, install PreferenceLoader from Sileo and respring the device again.

Step 2: Download Potatso from the App Store

After enabling AppStoreTroller, open the App Store and search for:

Potatso. Normally, the App Store may show that Potatso requires iOS 17 or later.

Using AppStoreTroller, you should be able to bypass this restriction and download or add Potatso to your Apple ID.

At this stage, Potatso may be installed, but it may not work correctly because the installed version still requires iOS 17.

So, we need to downgrade it.

# Step 3: Install AppStore++

Open Sileo again and install AppStore++.

After installing it, respring the device if required.

AppStore++ will allow us to choose an older version of Potatso.

# Step 4: Downgrade Potatso

Open the App Store and search for Potatso again.

Using AppStore++, open the downgrade or version selection menu for Potatso.

Select an older version that is compatible with your iOS version.

After the downgrade is complete, open Potatso and make sure it launches successfully.

# Step 5: Configure Burp Suite Listener

On your laptop, open Burp Suite.

Go to:

Proxy → Proxy settings → Proxy listeners

Create or edit a listener with the following settings:

• Bind address: 0.0.0.0
• Bind port: 8080

The iPhone and laptop must be connected to the same network or reachable subnet.

For example, if your laptop IP address is:

192.168.1.10

Then Potatso should later be configured to send traffic to:

• Proxy server: 192.168.1.10
• Proxy port: 8080

# Step 6: Enable Invisible Proxying in Burp Suite

This is an important step.

In Burp Suite, go to:

Proxy → Proxy settings → Proxy listeners

Select the listener on:

0.0.0.0:8080

Click Edit.

Go to the Request handling tab.

Enable:

Support invisible proxying

Then save the configuration.

The final Burp listener should be:

• Bind address: 0.0.0.0
• Bind port: 8080
• Invisible proxying: Enabled

Invisible proxying helps Burp handle traffic that is sent through the VPN/proxy setup, even if the application is not using a normal browser-style proxy connection.

Without this option, some requests may not appear correctly in Burp, or the application may fail to connect.

# Step 7: Install and Trust the Burp Certificate on the iPhone

To intercept HTTPS traffic correctly, the Burp Suite certificate must be installed and trusted as a root certificate on the iPhone.

First, make sure Burp Suite is running.

From Safari on the iPhone, open:

http://burp

Download the Burp certificate.

Then go to:

Settings → General → VPN & Device Management

Install the downloaded Burp certificate profile.

After installing the certificate profile, it still needs to be trusted manually.

Go to:

Settings → General → About → Certificate Trust Settings

Enable full trust for the Burp Suite certificate.

This step is very important.

If the Burp certificate is installed but not trusted as a root certificate, HTTPS traffic will not be intercepted correctly. The application may show certificate errors, TLS errors, or no traffic may appear in Burp Suite.

# Step 8: Configure Potatso

Open Potatso on the iPhone.

Add a new proxy configuration.

Use the laptop IP address and Burp listener port.

Example:

• Type: HTTP proxy
• Server: 192.168.1.10
• Port: 8080
• Authentication: Disabled, unless needed

The server must be the laptop IP address on the same network as the iPhone.

Save the configuration.

Then enable the Potatso VPN profile.

iOS may ask for permission to add a VPN configuration. Allow it.

Once Potatso is enabled, the iPhone traffic should be routed through Burp Suite.

# Step 9: Start Testing

Now open the target application.

In this example, the target application is a Flutter application, but the same idea can help with other iOS applications as well.

If everything is configured correctly, the application traffic should start appearing in Burp Suite.

You can now review the requests and responses from Burp Suite.

The traffic flow will be:

iOS App → Potatso VPN Proxy → Burp Suite → Server

# Final Checklist

Before testing, make sure the following points are completed:

• Potatso is installed.
• Potatso is downgraded to a compatible version.
• Potatso VPN profile is enabled.
• The iPhone and laptop are on the same network or reachable subnet.
• Burp listener is configured on 0.0.0.0:8080.
• Burp is reachable from the iPhone using the laptop IP address.
• Invisible proxying is enabled in Burp Suite.
• Burp certificate is installed on the iPhone.
• Burp certificate is trusted as a root certificate.
• Potatso is configured with the laptop IP address.
• Potatso is configured with port 8080.
• The laptop firewall allows incoming connections to port 8080.

# Important Note

This method is used to route iOS application traffic through Burp Suite.

It is not limited to Flutter applications. It can help intercept traffic from different iOS applications, depending on how the application handles network communication and certificates.

However, this method does not bypass SSL pinning by itself.

If the application uses strong SSL pinning or custom certificate validation, the traffic may still fail even after completing this setup.

In that case, another SSL pinning bypass technique may be required.

However, if the application trusts the iOS system certificate store or does not have strong SSL pinning, this method can be a fast and simple way to intercept the traffic.

# Conclusion

Using Potatso with AppStoreTroller and AppStore++ provides a simple way to route iOS application traffic through Burp Suite without using Frida scripts, reFlutter, or OpenVPN.

This setup is similar in concept to using Super Proxy on Android, where a proxy/VPN application is used to send mobile traffic to Burp Suite.

This approach can help with different iOS applications, but it is especially useful when testing Flutter applications because they may require more setup in some cases.

The main issue is that the latest Potatso version requires iOS 17 or later, while many Dopamine jailbreak devices are running iOS 15 or iOS 16.

By using AppStoreTroller, we can bypass the App Store restriction and download Potatso.

Then, by using AppStore++, we can downgrade Potatso to a compatible version.

After that, we configure Potatso to send traffic to Burp Suite, enable invisible proxying, and install the Burp certificate as a trusted root certificate on the iPhone.

This approach is simple, fast, and useful during authorized mobile application security testing.