How to Track URLs Opened by iOS Apps

Some iOS apps don’t expose the URLs they open. Intercept their network traffic and read the exact links.

Method 1: Intercept via Mac Proxy (Wi‑Fi)

Use Charles, Proxyman, or mitmproxy on macOS. Configure iPhone Wi‑Fi to route traffic through your Mac and install the proxy’s root certificate for HTTPS decryption.

Step 1 — Install a proxy

• Charles Proxy (trial, paid)
• Proxyman (free basics)
• mitmproxy (free, CLI via Homebrew)

Step 2 — Point iPhone to the proxy

• Same Wi‑Fi for Mac and iPhone
• iPhone → Settings → Wi‑Fi → (i) → HTTP Proxy → Manual
• Server: your Mac’s IP, Port: tool default (Charles 8888, mitmproxy 8080)

Step 3 — Install and trust the SSL certificate

• From the proxy tool, enable SSL proxying and open its mobile cert URL in Safari (e.g., chls.pro/ssl)
• Install profile: Settings → General → VPN & Device Management
• Trust it: Settings → General → About → Certificate Trust Settings → enable full trust

Step 4 — Capture

• Start recording in the proxy
• Use the target app and trigger the in‑app link
• Inspect GET/POST requests; filter by domain to find the exact URL

Method 2: USB Packet Capture (No Wi‑Fi)

Capture via a virtual interface with Xcode’s rvictl and analyze in Wireshark. HTTPS stays encrypted unless you add decryption.

# 1) Find device UDID in Finder (Device > Get Info)
# 2) Create Remote Virtual Interface
rvictl -s <UDID>          # creates rvi0

# 3) Open Wireshark and capture on rvi0
#    Use filters like:
#    http
#    tls && ip.addr == <target_ip>

# 4) Stop capture
rvictl -x <UDID>

Notes:

• You’ll see full URLs for HTTP.
• For HTTPS, you need man‑in‑the‑middle decryption (use the proxy method) or app‑specific keys; many apps use certificate pinning which blocks decryption.

Troubleshooting

• No traffic? Verify: – iPhone proxy is set correctly and on same network – Proxy recording is on – Certificate installed and trusted for HTTPS
• Still nothing? Some apps bypass system proxy or use certificate pinning.
• Quick sanity check: load google.com in Safari and confirm it appears in the proxy.
• Clean up when done: – Remove HTTP Proxy from Wi‑Fi settings – Remove/trust‑off the installed certificate to avoid warnings

Free and Paid Tooling

• Proxyman (native macOS, iOS interception focused)
• mitmproxy (FOSS CLI with powerful scripting)
• Charles Proxy (mature UI, paid after trial)
• Wireshark (analysis for USB captures)
• iOS apps for on‑device capture: HTTP Traffic Capture, WebProxyTool (limited vs desktop)

Security and Ethics

• Intercept only your own devices and apps you have permission to test.
• Remove certificates after testing.
• Expect some apps to enforce pinning; do not bypass protections without authorization.

When to Use Which

• Need full HTTPS request/response bodies and URLs: Proxy on Wi‑Fi with trusted root certificate.
• Corporate Wi‑Fi restrictions or unstable Wi‑Fi: USB capture for stability; combine with proxy on a tethered network if possible.
• App blocks proxies (pinning): You may only see destination IPs/SNI (if any) without decrypted URLs.