Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How do I setup burpsuite to test android apps using an emulator?

Zack | Last updated: Sep 05, 2019 05:47PM UTC

Hi, I'm trying to setup burpsuite to test my company's android app using android studio's emulator. You used to be able to use an app called ProxyDroid and FS Installer, but ProxyDroid is no longer available on Google Play. Does anybody know a solution to use burpsuite as a proxy for testing android apps in an emulator?

Mike, PortSwigger Agent | Last updated: Sep 06, 2019 12:31PM UTC

Hi Zack, we have an article on our support center on how to use Burp Suites to test Android applications. https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp

Burp User | Last updated: Sep 10, 2019 04:58PM UTC

@Mike Eaton, This solution only works for testing on a browser inside Android. I'd like to be able to configure Burpsuite to be a Proxy for testing apps. Whenever I open an app with Burpsuite configured for Android, I get an error that says the connection has timed out. Is there a solution out there that's specific for testing android apps?

Mike, PortSwigger Agent | Last updated: Sep 11, 2019 09:53AM UTC

Does this Android application send and receive HTTP requests? as this is what Burp Suite uses to map and test your application for vulnerabilities. Have you tried configuring the proxy settings for your emulated Android environment within your emulator?

Burp User | Last updated: Sep 11, 2019 06:38PM UTC

@Mike Eaton Yes, it does send and receive HTTP requests. I've configured the proxy settings following one of the guides on portswigger support. The only thing I can think of that might be causing issues, when I installed the burp certificate, it installed onto the user section instead of the system section on the android emulator. Would that make a big difference? I can still view requests from the emulator's browser, but I can't view them from inside our app or any other app.

Mike, PortSwigger Agent | Last updated: Sep 12, 2019 10:49AM UTC

Hi Zack, Yes, we advise installing your certificate as close to the root level of the system as possible as opposed to user-level configuration. So it would be worth applying that to your emulator and trying again. Do you have a link for the guide you used to configure your proxy settings?

Ben, PortSwigger Agent | Last updated: Oct 09, 2019 11:40AM UTC

Thank you for the further information. We are glad to hear that you now have this working.

Burp User | Last updated: Jan 27, 2020 08:55AM UTC