Debug an iPhone

This page walks through pointing an iPhone or iPad at Probe — Wi-Fi proxy, CA install, and trust toggle. Read the Mobile Setup overview first if you haven’t seen the four-step flow.

Prerequisites

• iPhone / iPad on the same Wi-Fi as the computer running Probe.
• Probe running. Note the LAN IP shown in the toolbar status card — call it <host-ip> below (e.g. 192.168.1.42).
• The proxy listens on port 9099; the CA cert download page lives on port 9098.

1. Set the Wi-Fi proxy

iOS configures the HTTP proxy per Wi-Fi network. The setting stays on until you change it or forget the network.

1. Open Settings → Wi-Fi.
2. Tap the (i) icon next to the connected network.
3. Scroll to HTTP Proxy and tap Configure Proxy.
4. Choose Manual.
5. Set Server to <host-ip> and Port to 9099. Leave Authentication off.
6. Tap Save in the top-right corner.

Caution

This proxy applies only to the current Wi-Fi network. Joining a different network — even briefly — falls back to no proxy. If you keep losing the setting, double-check you didn’t switch SSIDs.

At this point HTTP traffic from the phone will start landing in Probe, but every HTTPS request will fail with a certificate error. That’s expected — the next step fixes it.

2. Install the CA profile

Probe serves its CA over plain HTTP on port 9098. The server detects the platform from the User-Agent and returns the right format directly — for iOS that’s a .mobileconfig configuration profile.

1. Open Safari on the phone — not Chrome, not Firefox. iOS only triggers the profile install flow from Safari.
2. Visit http://<host-ip>:9098 (e.g. http://192.168.1.42:9098). If auto-detect ever misfires, hit http://<host-ip>:9098/download/ios for the explicit path.
3. Confirm Allow when iOS asks whether to download a configuration profile.
4. Open Settings. A new entry Profile Downloaded appears near the top — tap it.
5. Tap Install in the top-right, enter your passcode, and tap Install again on the warning sheet.

The profile is now installed but not yet trusted. iOS treats user-installed CAs as inert until you explicitly opt in — this is the step that catches most people.

3. Trust the CA for SSL

1. Open Settings → General → About → Certificate Trust Settings.
2. Find Probe CA in the list under Enable Full Trust for Root Certificates.
3. Toggle it on. Confirm the warning dialog.

For the precise steps with screenshots and notes about iOS 16+ behaviour, see Install the CA on iOS.

4. Confirm in Probe

Open any HTTPS site in Safari — https://example.com is enough. Within a second or two:

• The phone’s IP shows up under DEVICES in the Probe sidebar.
• The request appears in the log table with full headers and body.
• The detail panel’s Summary tab shows the resolved remote address and timing.

If the device entry doesn’t appear, the most common cause is that the trust toggle in step 3 isn’t on yet — re-check Certificate Trust Settings.

App-level limits

A handful of iOS apps will not be debuggable through Probe no matter how the proxy and CA are set up:

• Apps that pin certificates (most banking apps, some chat apps, payment SDKs) reject any CA they didn’t ship with. There’s no workaround at the proxy layer; you’d need an unpinned build.
• App Transport Security with strict pinning hashes the expected certificate at build time.
• Network extensions and VPN apps can route around the system proxy entirely.

For your own apps, you control pinning — for everyone else’s, expect a percentage to be opaque.

When you’re done

Either flip HTTP Proxy back to Off in the Wi-Fi settings, or just stop Probe — without the proxy reachable, the phone will fail every request, which is a clear cue to disable it.

Next steps

Capturing Traffic Read a captured request, search, copy as cURL.

Domain Watch Hide noise from third-party domains you don't care about.

Sessions Save a snapshot of captured traffic and reload it later.