How to see what request data network service proxy is sending to attester.gateway.icloud.com

Question

Level 1

4 points

Hey I'm testing out a cool feature Apple announced a while ago Challenge: Private Access Tokens - Discover - Apple Developer.

In my Console App, I'm seeing networkserviceproxy sends a message

Fetched device identity certificate successfully

and subsequently

Sending request for https://attester.gateway.icloud.com/token-request?issuer=xxx

I was wondering if any of the data above is accessible by me? More specifically,

What does "fetch device identity certificate" mean? What "device identity certificate" does it fetch?
What request was sent to the site attester.gateway.icloud.com?

For more information, my Mac is on OS 13.6.6

Thanks in advance

Posted on May 22, 2024 3:09 PM

Reply

Answer 1

You can try using mitmproxy, but I’d not be hopeful about that allowing access to the TLS traffic.

More info on private access tokens that might help better understand this topic:

Reply

Answer 2

Level 1

4 points

Yeah I tried mitmproxy, I don't think it exposed the traffic sent to attester.gateway.icloud.com

I read the cloudflare blog it doesn't seem like it talks about how the client -> issuer communication works.

I actually read about https://www.ietf.org/archive/id/draft-private-access-tokens-01.html#name-client-to-mediator-request I was imagining the request under the hood looks similar to that. But not sure what it looks like without being able to intercept it

Reply