DataStack

How to Perform Proxy Packet Capture and Data Flow Analysis on Mac

When debugging network issues on macOS, packet capture is usually the first step.
For example:

  • An app fails to request an API
  • An API returns abnormal data
  • You need to confirm the parameters sent by the client

For these issues, code logs alone make it difficult to judge network behavior; packet capture lets you view the requests and responses directly.

The sections below walk through a debugging process and introduce several common methods for packet capture on Mac.


1. First, Capture Network Requests from the Mac Itself

If you need to view network requests from programs on the Mac itself, such as:

  • Browser accessing APIs
  • Desktop applications calling interfaces

The simplest method is to use proxy packet capture tools, such as:

  • Charles
  • Proxyman
  • SniffMaster

These tools run locally and intercept requests via proxy.


Configuring Proxy Packet Capture

Steps are as follows:

  1. Start Charles or SniffMaster on Mac
  2. Check the proxy listening port, e.g., 8888
  3. Enable system proxy in macOS network settings
  4. Set HTTP and HTTPS proxy to the local address
  5. Save settings

Once done, local network requests will first pass through the proxy tool.
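
One way to check steps 3 and 4 from a terminal is to read the effective proxy configuration with the macOS command `scutil --proxy`. The script below is an added example, not part of the original post or of any tool it names; the function names, the loopback address list and the sample output are constructed for illustration, and the port default follows the 8888 used above.

```python
import re
import subprocess

LOOPBACK = {"127.0.0.1", "localhost", "::1"}   # assumed forms of "the local address"

def parse_scutil_proxy(text):
    """Collect the simple 'Key : value' lines that `scutil --proxy` prints."""
    return dict(re.findall(r"^\s*(\w+) : (\S+)\s*$", text, re.MULTILINE))

def check_capture_proxy(text, port=8888):
    """Return a list of problems; an empty list means HTTP and HTTPS both
    go to a proxy listening on this Mac at the expected port."""
    cfg, problems = parse_scutil_proxy(text), []
    for scheme in ("HTTP", "HTTPS"):
        host, seen_port = cfg.get(scheme + "Proxy"), cfg.get(scheme + "Port")
        if cfg.get(scheme + "Enable") != "1":
            problems.append(f"{scheme} proxy is disabled")
        elif host not in LOOPBACK:
            problems.append(f"{scheme} proxy points at {host}")
        elif seen_port != str(port):
            problems.append(f"{scheme} proxy port is {seen_port}, expected {port}")
    return problems

# Constructed sample in the format `scutil --proxy` prints:
# the HTTP proxy was set, the HTTPS proxy was missed.
SAMPLE = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  HTTPEnable : 1
  HTTPPort : 8888
  HTTPProxy : 127.0.0.1
  HTTPSEnable : 0
}
"""

if __name__ == "__main__":
    print("sample:", check_capture_proxy(SAMPLE))
    live = subprocess.run(["scutil", "--proxy"], capture_output=True, text=True).stdout
    print("this Mac:", check_capture_proxy(live) or "HTTP and HTTPS go to the local proxy")
```

Running the same check after a debugging session shows whether the system proxy is still switched on.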


Installing HTTPS Certificates

If requests use HTTPS, you need to install the proxy tool's certificate.

Steps:

  1. Access the certificate address provided by the proxy tool in a browser
  2. Download the certificate
  3. Install the certificate in macOS Keychain
  4. Set the certificate to Always Trust

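Once done, the proxy tool can decrypt HTTPS requests, because macOS now accepts the certificates the proxy presents in place of each site's own. That trust applies to all HTTPS traffic routed through the tool, so remove the trust setting and turn the system proxy off when debugging is finished.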


Verifying Successful Packet Capture

Open a browser and visit an HTTPS website.

If request records appear in the proxy tool and response content can be viewed, the packet capture environment is established.


2. Capturing iPhone Network Requests on Mac

If you need to debug network behavior of an iOS App, you can route iPhone traffic through the Mac.

The common method is still proxy packet capture.


Setting Up iPhone Proxy

Steps:

  1. Connect iPhone and Mac to the same Wi-Fi
  2. Open iPhone Settings → Wi-Fi
  3. Tap the current network
  4. Under HTTP Proxy, select Manual
  5. Enter the Mac's IP address
  6. Enter the proxy port (e.g., 8888)

Save and return to the home screen.


Installing iOS HTTPS Certificates

In iPhone Safari, access the certificate address provided by the proxy tool:

  1. Download the profile
  2. Install the certificate
  3. Enable certificate trust in iOS Settings

Once done, the proxy tool can decrypt iOS HTTPS requests.


Testing App Network Requests

Open the App and trigger network operations, such as:

  • Login
  • Loading a list
  • Submitting a form

In the proxy tool, you can see:

  • Request URL
  • Headers
  • Request body
  • Response content

3. When Proxy Fails to Capture App Requests

Sometimes, this situation occurs:

  • Safari requests can be captured
  • App requests have no records

This indicates the App is not using the system proxy.

In this case, further adjusting proxy settings won't change the outcome.

Device-level packet capture is needed.


4. Using Device-Level Packet Capture Tools on Mac

Device-level packet capture directly reads network data from the device side.

In this scenario, you can use SniffMaster.


Using SniffMaster to Capture iOS Traffic

Steps:

  1. Connect iPhone to Mac via USB
  2. Keep the device unlocked
  3. Tap Trust This Computer on the phone
  4. Launch SniffMaster
  5. Select iPhone from the device list
  6. Follow prompts to install the profile
  7. Enter HTTPS Brute Force Capture Mode
  8. Click Start

Then trigger network requests on the phone.

Corresponding HTTPS requests will appear in the capture interface.


Viewing Only a Specific App's Traffic

Device-level capture includes system network traffic, such as:

  • DNS requests
  • Apple service connections

To more easily locate target requests, you can:

  1. Click Select App
  2. Check the target application
  3. Trigger network operations again

The capture list will only show that App's requests.


5. Analyzing TCP or UDP Network Issues

If debugging involves network connection issues, such as:

  • Request latency
  • Connection drops
  • Packet loss

Data flow packet capture can be used.

SniffMaster supports capturing:

  • TCP data streams
  • UDP data streams

After capture, data can be exported to Wireshark for analysis.

In Wireshark, you can view:

  • TCP three-way handshake
  • Data retransmissions
  • Connection closure reasons
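
The three items above can also be checked by script against an exported capture. The following is an added example, not code from the original post or from any of the tools named; it assumes a classic little-endian pcap with Ethernet framing, the function names and the sample capture are constructed, and the retransmission check is a simplified heuristic (the same sequence number carrying data twice) rather than Wireshark's full analysis.

```python
import struct
from collections import defaultdict

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04

def tcp_segments(data):
    """Yield (flow, seq, flags, payload_len) per IPv4/TCP frame of a classic pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                          # skip global header; Ethernet link type assumed
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        f, off = data[off + 16: off + 16 + caplen], off + 16 + caplen
        ihl = (f[14] & 0x0F) * 4 if len(f) >= 34 else 0
        if ihl < 20 or len(f) < 34 + ihl or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                  # not a complete IPv4/TCP frame
        total_len = struct.unpack_from("!H", f, 16)[0]
        sport, dport, seq, _, off_flags = struct.unpack_from("!HHIIH", f, 14 + ihl)
        flow = (f[26:30], sport, f[30:34], dport)
        yield flow, seq, off_flags & 0x3F, total_len - ihl - (off_flags >> 12) * 4

def analyze(pcap_bytes):
    """Per connection: handshake steps seen, retransmissions, how it closed."""
    conns = defaultdict(lambda: {"handshake": [], "retransmits": 0, "closed_by": None})
    seen = set()
    for flow, seq, flags, plen in tcp_segments(pcap_bytes):
        c = conns[frozenset([flow[:2], flow[2:]])]    # one key for both directions
        if flags & SYN:
            c["handshake"].append("SYN-ACK" if flags & ACK else "SYN")
        elif c["handshake"] == ["SYN", "SYN-ACK"] and flags & ACK:
            c["handshake"].append("ACK")
        if plen > 0:                  # data at a sequence number already seen
            c["retransmits"] += (flow, seq) in seen
            seen.add((flow, seq))
        if not c["closed_by"] and flags & (RST | FIN):
            c["closed_by"] = "RST" if flags & RST else "FIN"
    return list(conns.values())

def sample_pcap():
    """Constructed capture: handshake, one repeated data segment, then a reset."""
    c, s = (bytes([10, 0, 0, 2]), 50000), (bytes([10, 0, 0, 9]), 443)
    segs = [(c, s, 100, SYN, b""), (s, c, 500, SYN | ACK, b""), (c, s, 101, ACK, b""),
            (c, s, 101, ACK, b"hello"), (c, s, 101, ACK, b"hello"), (s, c, 501, RST, b"")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for (src, sp), (dst, dp), seq, flags, body in segs:
        tcp = struct.pack("!HHIIHHHH", sp, dp, seq, 0, (5 << 12) | flags, 65535, 0, 0) + body
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Calling `analyze(sample_pcap())` returns one connection with a complete handshake, one retransmission and a close by RST; pass the bytes of an exported file to `analyze` to run it on a real capture.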

6. Use Cases for Different Packet Capture Tools

In network packet capture, different tools serve different purposes:

| Tool | Capture Method | Main Use Case |
| ------------ | ---------------- | ---------------------- |
| Charles | Proxy Capture | HTTP / HTTPS Debugging |
| Proxyman | Proxy Capture | HTTPS Debugging |
| SniffMaster | Device-Level Capture | iOS Network Data |
| Wireshark | Network Layer Capture | TCP / UDP Analysis |


When debugging networks on Mac, you can follow this sequence:

  1. Use proxy capture tools to view HTTP / HTTPS requests
  2. If proxy fails to capture requests, use SniffMaster for device-level capture
  3. If network connection analysis is needed, export data to Wireshark

This approach covers most packet capture scenarios.

Reference link: https://www.sniffmaster.net/