Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Android version 9.1 doesn't intercept HTTP/HTTPS Traffic

Ramakrishnan, | Last updated: Aug 27, 2020 10:21AM UTC

Hello Team, I'm trying to intercept Http or HTTPS traffic to Burp Suite Server but doesn't success. Here are the steps I did: 1) Setup Burp suite Proxy (set Machine IP address instead of 127.0.0.1) 2) Setup Proxy Manual in my Mobile Wifi 3) Installed Burp Suite Certificate as trusted organization 4) Trying to intercept, but doesn't work. My requirement is to test in latest device, please let me know how to proceed further Device Details: OS: Android Version 9.1 Name: Redmi Note 7 Pro Thanks, Muthu

Ben, PortSwigger Agent | Last updated: Aug 27, 2020 10:32AM UTC

Hi Muthu, To confirm, with the setup that you have carried out you are unable to see HTTP traffic pass from the browser on your Android device to Burp (browsing to http://example.com is usually a good test for this)? If so, that would suggest your configuration is not quite right. Have you followed the steps below when configuring this (make sure that you configure the Burp Proxy Listener to use the "All interfaces" option under "Bind to address"): https://portswigger.net/support/configuring-an-android-device-to-work-with-burp Proxying HTTPS traffic is slightly more complex because Android Nougat (7.0 and above) no longer trusts user or admin supplied CA certificates. To get this to work you have to install the Burp CA certificate at the OS level, which usually means having to root the device.

Ramakrishnan, | Last updated: Aug 27, 2020 11:56AM UTC

Hi Ben, Thanks for quick reply. Yes, I followed the step as mentioned in the page. https://portswigger.net/support/configuring-an-android-device-to-work-with-burp Here are the observation: After the setup steps provided in my previous post, I'm able to connect burp suite machine for eg., (http://ipaddress:port (which is set as proxy)) in Android browser but I'm not able to connect http://burp. I suspect may be it's related to certificate as I installed as user level not OS level. Could you please suggest me how to install OS level? Any recommendations. Thanks, Muthu

Ben, PortSwigger Agent | Last updated: Aug 28, 2020 08:26AM UTC

Hi, You should be able to proxy HTTP sites from your Android device without the Burp certificate. This is normally a good test to check that your connection setup is good. If this is not working then it suggests that something is wrong somewhere. It might be useful if you could send us some screenshots of your configuration via email (support@portswigger.net) so that we can take a look at what you have setup.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.