Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Suite v2023.9.1 + rooted android 7 and 8 certificate unknown

rdinn | Last updated: Aug 14, 2023 04:00PM UTC

Hi Community, I want to see the http requests instagram apk on android is doing. We are part of the Whitehat Instagram / Facebook Developers which can turn off app cert pinning and tls1.3 from the official app. However, Burp is working when device is connected to proxy :8000 (tested with other ports) and is intercepting chrome and websites. But as soon as I open the Instagram app, I always receive a TLS Fatal alert, received certificate_unknown on b-www.facebook.com:443. Is this something from burps side? I have to say that everything works well with a Instagram APK ~1year old, as soon as I update to a newer one, it is not working anymore. Tested with a rooted Android 8 Nexus with certificate installed over terminal / shell. Testes as well with a Android 7 Hafury Mix with user certificate installed the old way. On both the exact same behavior. Old APK is working, as soon as I update on both devices, the error appears. What can I do?

Michelle, PortSwigger Agent | Last updated: Aug 15, 2023 10:35AM UTC