Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Help with mobile app testing

HappyGilmore | Last updated: Apr 23, 2020 12:38PM UTC

Okay, I have android studio download and working with android 9. I can go to any website that has https enable. Without little issues with TLS negotiations. I see the traffic in burp suite pro as I should. I am testing out this app, which is not available to public. Before I enable burp proxy setup with the app. I made sure I can get into the app without any issues to verify no issues. I am getting this error message right before I get into the app. "There has been an error while processing the login information. java.security.cert.CertPathValidatorException: Trust anchor for certification path not found." From my noob looking I do not think they are using pinning certification. So, I did another test. I login into the app, then enable the burp proxy did a simple entry test to a field box then press search. Then I got this error message. "error connecting with the backend. if this continues, please restart the app (10003)" Any help with this would be great and thank you Adam

Liam, PortSwigger Agent | Last updated: Apr 24, 2020 07:01AM UTC

Just to clarify, you get the java.security.cert.CertPathValidatorException error when you proxy via Burp? Is it just this applictation causing this error? Are you able to proxy traffic from other applications?

HappyGilmore | Last updated: Apr 24, 2020 12:24PM UTC

Good Day Liam, Just to clarify, you get the java.security.cert.CertPathValidatorException error when you proxy via Burp? That is correct Is it just this applictation causing this error? that is correct Are you able to proxy traffic from other applications? I do not have anything besides the default apps that come with android phone. I can open, youtube, google maps I can use chrome browser loads webpages no issues. Login into yahoo mail. Is there app you would like me to test out to see if I get that error as well. I did create a google account for this, just have not seen a reason why to use it yet. Cheers Liam

Liam, PortSwigger Agent | Last updated: Apr 27, 2020 01:12PM UTC

I hope you're well Adam. I've been looking for some resources to help with your issue. I haven't found anything up to date or useful: - https://stackoverflow.com/questions/25122287/java-security-cert-certpathvalidatorexception-trust-anchor-for-certification-pa - https://developer.android.com/reference/java/security/cert/CertPathValidatorException Which version of Java are you using with Burp? Have you tried using another version?

HappyGilmore | Last updated: Apr 28, 2020 01:59PM UTC

Good Day Liam I have been looking too. Can't not see anything new to help with this. Only thing I read a couple of different places is the difference between system CA and burp CA trust levels in the new android OS. Since this is a emulator you think you could get the cert into the trust listed. I some how I did miss the developer.android.com/reference/java/security/cert/CertPathValidatorException information. I will check this out Here is the java I am using on my windows 10 laptop C:\Users\adam.coombs>java -version java version "1.8.0_251" Java(TM) SE Runtime Environment (build 1.8.0_251-b08) Java HotSpot(TM) 64-Bit Server VM (build 25.251-b08, mixed mode) Here is the information I found in about android studio information Andriod 3.6.3 Runtine version 1.8.0_212-release-1586-b04 amd64 VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o Burp Suite Pro Version burpsuite_pro_windows-x64_v2020_2_1 I just got a notice today I need to update my burp suite pro to the new version. I will do that and see If this helps. Is there a version of Burp Suite you would like me to try? Thank you for continuing to help me with this !!! Cheers Liam Adam

Liam, PortSwigger Agent | Last updated: Apr 29, 2020 08:26AM UTC

Thanks for the information, Adam. Could you try using the latest platform installer version of Burp? This comes bundled with an updated version of Java.

HappyGilmore | Last updated: May 05, 2020 02:35PM UTC

Sorry for the really late reply to this liam!! App testing got cancel for now, I will update this when the app testing is back on. Cheers Adam

Liam, PortSwigger Agent | Last updated: May 05, 2020 07:02PM UTC