Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How do I sniff packets of a http game?

Richard | Last updated: Aug 12, 2018 04:58PM UTC

I have a game, and I converted it’s commincation with the server from https to http so that the endpoint would be http instead. Now all the packets are decrypted and no longer protected. How do I sniff the game now, because a normal Http Proxy gives me errors such as in Alerts it shows: Certificate unknown, etc. I then install SSL certificate on my device but that is for https :/ I then can not access the packets that much either. Someone said to set a transparent proxy, will that work?

Liam, PortSwigger Agent | Last updated: Aug 13, 2018 07:45AM UTC

Have you tried using WireShark to see exactly what traffic is being sent by the application? The "Certificate unknown" error suggests the application is using HTTPS. Are you using an Android device? Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. We recommend that you use an older version of Android for your testing. If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator.

Burp User | Last updated: Aug 13, 2018 04:45PM UTC

@Liam Tai-Hogan hi, it is a HTTP game not https, I installed CA certificate and everything and I have an Android Lollipop. I can catch all the packets with A SSL Packet Capture on the Play Store but not with Burp Suite :( How can I catch SSL Packets with http game?

Liam, PortSwigger Agent | Last updated: Aug 14, 2018 07:57AM UTC