The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


[Android] Intercept Traffic Issue

Mahendra | Last updated: Jan 24, 2019 11:41AM UTC

OK, straight to the point:

Device: Android 5 (certificate already injected from Burp Suite)
Burp Suite: 1.7.37

I tried browsing to Google to make sure the certificate is installed correctly, by NOT displaying "your connection is not secure" ==> Burp Suite can intercept without a problem.

But here's the main problem. I have a scenario like this: our main test server is behind Cloudflare. Here's the topology (example IP addresses):

USER ==> 15.15.15.15 (Cloudflare : 443 - Reverse Proxy) ==> 16.16.16.16 (Main Server : 8123)

Burp Suite setting: using Wi-Fi proxy: all interfaces, port 8080

So the topology:

Pentester (proxy 8080) ==> Burpsuite ==> 15.15.15.15 (Cloudflare : 443) ==> 16.16.16.16 (Main Server : 8123)

Burp Suite cannot intercept any traffic from Android apps, and when I go back to the browser it can intercept perfectly.

What's wrong here? I am still figuring it out until now and yes ... no luck :(

Any advice or ideas?

Regards,
Mahendra M.W.

Liam, PortSwigger Agent | Last updated: Jan 24, 2019 02:49PM UTC

What seems to be the issue with intercepting traffic from your device? Are you seeing any error messages? Have you tried using Wireshark to take a look at what is happening to the traffic? Is it possible that the application is using certificate pinning?

Burp User | Last updated: Jan 25, 2019 04:14AM UTC

Hi Liam,

What if the apps use certificate pinning?

Regards,
Mahendra M.W.

Liam, PortSwigger Agent | Last updated: Jan 25, 2019 08:23AM UTC