Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Install a certificate on an Android phone to be able to proxy the traffic coming/going from installed applications

José | Last updated: Jul 10, 2022 03:12AM UTC

I’ve followed the instructions present on: https://portswigger.net/support/configuring-an-android-device-to-work-with-burp and on https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-android-device to be able to use Burp as a proxy for my phone. I’ve tried renaming the file for .der to .cer but when I installed the .cer file on the phone I got the same security warnings that I did receive without installing the certificate. What I did was to convert the .der file to .pem using this command “openssl x509 -inform der -in cacert.der -out cacert.pem” to be able to install it on my phone, since my phone didn’t allow me to install the .der file as a certificate but it allowed the installation of the .pem file. I did so, and the security warnings disappeared! On your tutorial where you specify to “You can check the Certificate is installed by tapping the “Trusted credentials" button. Tap the "User" tab in the “Trusted credentials” window to show the PortSwigger CA certificate.” I did so and was able to see the certificate just like in your image on both cases stated above. My problem/bug is that, although I’m able to see the traffic generated by Chrome on my phone, I’m unable to see the traffic coming/going from installed applications. Can you please advise on what to do to be able to see the traffic coming/going from installed applications? Thanks in advance!

Ben, PortSwigger Agent | Last updated: Jul 11, 2022 10:31AM UTC