HTTP Proxy Detection

A system-wide HTTP proxy configuration can force all HTTP (and, in some cases, HTTPS) requests from your app to pass through a proxy server. This is a potentially harmful behavior since the proxy server can then inspect or even modify request payloads.

Malwarelytics for Apple is able to detect that an HTTP proxy is active on the device and can be configured to terminate the app in that case.

Configuration

let raspConfig = AppProtectionRaspConfig(
    httpProxy: DetectionConfig
    // configuration of other RASP features
)

Available values of DetectionConfig:

Value Description
.noAction indicates that the HTTP proxy will not be automatically detected. A manual check is still possible.
.notify indicates that the HTTP proxy will be automatically detected and the delegates will be notified via the httpProxyEnabled() method.
.exit(
exitUrl: String?)
indicates that the HTTP proxy will be automatically detected and the app will be terminated when the HTTP proxy is automatically detected.

HTTP proxy detection defaults to .notify.

List of available parameters for some config values:

Parameter Description
exitUrl: String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to nil.

Usage

After service creation, the HTTP proxy detection feature can be accessed via AppProtectionRasp. This can be used to add a delegate or to trigger a manual HTTP proxy detection check.

Observing Detection

HTTP proxy detection can trigger a certain action. To achieve that, a delegate needs to be added.

Delegate configuration:

class RaspDelegate: AppProtectionRaspDelegate {

    // other delegate code

    func httpProxyEnabled() {
        // handle HTTP proxy detection
    }
}

The delegate can be added in AppProtectionRasp. When it is no longer needed, it can be removed again.

let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)

Triggering a Manual Check

HTTP proxy detection check can be triggered manually in AppProtectionRasp by getting the isHttpProxyEnabled property value. A simple Bool answer is given.

let isHttpProxyEnabled = appProtection.rasp.isHttpProxyEnabled

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Apr 11, 2024 (08:13) View product
Search

3.0.x

Malwarelytics for Apple