how to set up a cache proxy server for itunes app store

Question

I want to setup a cache proxy server for apple itunes store to accelerate app downloading in a local lan.

Situation:

• Local internet speed is slow and bandwidth is limited, so it'll take sometime to download whole app from itunes store.
• I want do this to accelerate an app download speed in a wifi hotspot situation. So I only need to accelerate one app's download speed, which will be download many many times by many many people in the local lan.

For itunes app download must have relate to user auth and purchase, it seems there're no obvious way to do the cache.

So is this accelerate possible and how?

Answer 1

Update:

Apple has made content caching as a function available in non-server version of MacOS since High Sierra.

https://support.apple.com/guide/mac-help/about-content-caching-mchl9388ba1b/10.13/mac/10.13

I agree with answers above, it's probably not easy to do what you said using 3rd party applications.

BUT

Apple has it's own solution for that, OS X Server, it has a function called Caching server:

https://www.apple.com/osx/server/features/#caching-server

Caching Server speeds up the download and delivery of software through the App Store, Mac App Store, iTunes Store, iTunes U, and iBooks Store. And now it can be used in even more network environments because it supports caching content in non-NAT networks. When a user on your network downloads new software from Apple, a copy is automatically stored on your server. So the next time other users on your network update or download that same software, they actually access it from inside the network.

This is not free, but it does what you want to be done

Answer 2

This is probably not possible as I think iTunes transmits only over an SSL secured channel and therefore can't be intercepted without a lot of hacking and custom software. I think it's their intent that you cannot easily get the software packages.

Answer 3

iTunes purchases happen over SSL, so that makes this incredibly hard. On top of that, a UUID for each device is now (usually) tied into each download, so that each download is actually slightly different.

This isn't going to work the way you want it to.

Answer 4

You will need to setup a local MITM SSL proxy server and then stage the traffic over to a cache proxy for the actual bits of the download. This could work, unless iTunes/iOS is doing a cryptographic check on the presented SSL cert. In that case, it will not be possible. Worth a check with a MITM SSL Proxy to see if you can fake out the cert through... if that works, then it all falls into place.

Answer 5

You can try an SSL MITM(Man in the Middle) Proxy, these are available, both commercially and open source(ly).

Two things to be aware of thought, if iTunes does strict checking of the certificate fields this might not work. And as mentioned by @MDmarra above device UUIDs might be an issue. This is completely application (iTunes) dependent.

... proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web browser) are dynamically generated/signed by the proxy and contain most of the same fields as the original webserver certificate. The subject DN, serial number, validity dates, and extensions are preserved. However, the issuer DN is now set to the name of the proxy's self-signed certificate and the public/private keys of the proxy are used in creating the forged certificate. These forged certificates are cached (in memory) by the proxy, for better performance.

From: http://crypto.stanford.edu/ssl-mitm/

Also a good run down of issues by someone who tried the same thing:

https://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/

There's an application called iOS SSL Kill Switch noted in that article. This is not specifically what you need but it might be a piece of the puzzle.