Burp Suite User Forum

Create new post

Amazon Alexa interception in Burp

Garry | Last updated: Sep 07, 2018 08:12AM UTC

Hi , Can you please tell me how to intercept traffic from 'Amazon Alexa' device on Burp tool? Alexa is a device capable of voice interaction, music playback, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, and providing weather, traffic, sports, and other real-time information, such as news. My requirement is to detect vulnerability in a setup where 'Alexa' is used. Eg. business meetings.

PortSwigger Agent | Last updated: Sep 07, 2018 10:11AM UTC

Hi Garry, Thanks for getting in touch. We've not tested Alexa specifically, but the principle is the same as any other device. You configure it to use Burp as a proxy. Or if it doesn't have proxy configuration you use this approach: - https://support.portswigger.net/customer/portal/articles/2899081-using-burp-s-invisible-proxy-settings-to-test-a-non-proxy-aware-thick-client-application It's possible that Alexa takes steps to stop you doing this - such as certificate pinning. However, the availability of open-source projects like below suggest that it does not: - https://github.com/ewjmulder/alexa-proxy Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.