Using SquidMan to snoop iOS HTTP requests

If you need to inspect HTTP requests made by iPhone or iPad applications, a simple approach is to use SquidMan on your Mac.

The basic approach is as follows:

  1. Run SquidMan on your Mac
  2. Change the proxy settings on your iOS device to point to the SquidMan server
  3. Start tailing the Squid logs on your Mac
  4. Use the application you want to inspect
  5. Watch as requests appear in the log
  6. Save the logs if needed

In order for this to work, you’ll need a Mac and your iPhone or iPad to be connected to the same wireless network.

Install and run SquidMan

SquidMan is a simple GUI front-end for the Squid caching proxy server. Download the latest version and install it as you would any other OS X application.

When you first run SquidMan, the Preferences panel will be displayed. You only need to do two little tasks in here.

Firstly, take a note of the HTTP port number that Squid uses. You may need to change this port if you’re already using it somewhere else on your system.

SquidMan preference panel

Secondly, you’ll need to provide proxy services for your iOS device. To do this follow these steps:

  1. On your iPad or iPhone, launch the Settings application and select the Wi-Fi section.
  2. Under the Choose a Network… section you should see your wireless network listed. Touch the blue arrow to the right of the entry.
  3. If the DHCP tab is selected, you’ll see an IP address listed. Make a note of this.
  4. Back in the SquidMan preferences, choose the Clients tab.
  5. Click the New button to add a host
  6. Enter the IP address you noted from the iOS device settings and click Save.

iPad proxy settings

Close the preferences pane and click the Start Squid button to get going. SquidMan should inform you that Squid is now running.

SquidMan GUI when running

Change iPhone or iPad proxy settings

You first need to make a note of your Mac’s IP address on the wireless network.

  1. Open the Network panel under System Preferences
  2. Open either the Ethernet or AirPort section depending on how your Mac connects to the network.
  3. The IP address should be listed there. For the sake of example, we’ll use 192.168.0.102.

Mac OS X Network preference pane

You should have an IP address and a port for the proxy server. You can now tell your iPhone or iPad to use this proxy server when it accesses the internet using your wireless network.

  1. Back on your iPhone or iPad with your Wi-Fi settings page still open you should see an HTTP Proxy section.
  2. Select the Manual tab. You should now see form fields for the Server and Port.
  3. Enter the IP address of your Mac into the Server field
  4. Enter the SquidMan port value you noted earlier into the Port field
  5. Exit the Settings application

At this point you can check that internet access is still working by launching Mobile Safari. If you are getting access denied messages, you need to make sure that Squid is set up to provide access to each device.

Tail Squid logs

There are two ways you can inspect Squid logs: from within SquidMan, or through the Terminal.

In SquidMan

  1. Simply open the SquidMan | Tools menu option or hit [COMMAND]-T.
  2. Click the Access Log button. You’ll need to click this again to manually refresh the logs.

The example below shows a sample log from the BBC News app. They appear to have code-named the project ‘Moira’, most likely as a dedication to newsreader Moira Stewart

Access log in SquidMan

In Terminal

You can easily tail the Squid request logs to see what requests are being made through the proxy as soon as they are made.

To do this, open a Terminal window and run the following:

$ tail -200f ~/Library/Logs/squid/squid-access.log

Whilst the logs will not give you more than the basic details of the request and response, it is enough in most cases to see what is going on behind the scenes of a typical iOS application.