Try as I might, I’m not able to intercept the TLS traffic from the iOS app in order to observe how the Origin for websocket upgrade is being misrepresented. While I can log onto the server via Safari without an implicit proxy, using a Burp invisible listener, and see the websocket origin etc., the traffic from the app(s) seems to be resisting the MitM; possibly it’s ignoring the Burp Suite CA? Either way I just keep getting the response:
961 493.001734922 172.17.0.1 10.42.0.57 TLSv1.2 73 Alert (Level: Fatal, Description: Handshake Failure)
Is there any other way to verify what Origin the iOS app is setting for the websocket? I know it’s supposed to be the ‘Server URL’ but that’s definitely set correctly.