[Bug]: Firebase Write Requests not showing up on IOS

[KowalskiStan]

Has this been reported before?

• I have checked for existing reports of this issue

Repro steps

When Intercepting an app that Writes /Listens to the Firebase directly, the request doesnt show up for ios devices but does for android.

How often does this bug happen?

Every time

The desktop OS you're using

Windows 11

Details of other apps/devices

iPhone 8

Error screenshot

No response

Any other info?

No response

[pimterry]

How do you know the app makes Firebase requests on iOS? That it does so on Android doesn't mean it necessarily does the same on iOS.

Can you please share the details of the app, and the exact steps you've followed to set up interception in this case, so this can be reproduced?

[KowalskiStan]

i am setting up a proxy with a certificate on ios, I am 100% sure the app does requests to firebase as I know the app developer its called "Turn Up". And they dont show up in http toolkit.

[KowalskiStan]

proxy via IP

[KowalskiStan]

on Android

on IOS

[pimterry]

I've just put out a new release, which improves quite a few details around HTTP/2, and thereby fixes various other Firebase issues. Can you test whether it resolves this for you too?

To do so, you need to:

• Launch HTTP Toolkit, wait a minute so it can update in the background, then close and restart it
• In the Pro settings, enable HTTP/2 for all traffic (under Proxy Settings) and click the button to restart the proxy
• Try to intercept your traffic again

Let me know if that works for you!

HTTP/2 is likely to be enabled as the preferred protocol for all traffic by default soon if these fixes go well, so this won't require changing settings to do this in future.

[KowalskiStan]

still don't see any write requests

[KowalskiStan]

Same Issue, write and listen requests dont show up for firebase even with the new Frida IOS thing

[KowalskiStan]

@pimterry

[pimterry]

Hi @KowalskiStan, I don't have any answers for you I'm afraid. The iOS Frida internals are here if you're interested. This includes a hook for all TCP connections from the given app (modifying the address of all calls to the iOS connect() method here) to redirect every single TCP connection via HTTP Toolkit. I'm not aware of any way that iOS HTTP request connections can avoid this (cert trust isn't guaranteed, and there could plausibly be protocol issues in some cases, but the traffic must go via HTTP Toolkit so you always see something for every connection).

If you can explain why some traffic isn't captured by this, I'd love to hear about that.

The best way to investigate this in depth is probably to create & explore a smaller test example: build yourself a tiny iOS app that uses Firebase and makes requests, and then check that with HTTP Toolkit. In that case, you'll know exactly when and how requests are being made, and if they don't appear your can directly debug into the code to see why not.

If you find any specific reproducible issues please share the code and examples and that can be further explored, or you're welcome to open a PR to the above Frida scripts directly if you have a solution.