The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum


Intercept flutter app on android device and ios device

Yogendra | Last updated: Jul 25, 2024 08:06AM UTC

Hi, I have configured both Android and iOS devices with the PortSwigger certificate, and browser logs for both devices are getting logged in Burp Suite. Also, the logs from the native iOS app are getting logged in Burp Suite. However, the logs from the Flutter app for both Android and iOS devices are not getting tracked. Please share documentation to log the API from Flutter mobile applications. Thank you.

Ben, PortSwigger Agent | Last updated: Jul 25, 2024 12:14PM UTC

Hi Yogendra,

Flutter applications will only adhere to the system proxy on mobile devices if they have been specifically programmed to do so - it sounds likely that the application that you are trying to test is sending requests directly and outside of the system proxy (if the application is functioning as expected and you are not seeing requests in Burp)?

We do not have any specific documentation on how to proxy traffic from applications written in this framework and this is beyond the type of support that we would be able to provide.

For Android devices, we have seen people having success using the ProxyDroid app (which forces all traffic from the device to use the system proxy via the use of iptables). This might be something you could look into using.
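What "specifically programmed to do so" can look like in a debug build of an app you own, as an added example that is not part of the original thread or any PortSwigger code: a dart:io HttpOverrides that routes the app's HttpClient traffic through the Burp listener and trusts the Burp CA. The names DEBUG_PROXY, BURP_CA_PEM and DebugProxyOverrides are assumptions made for this example.

```dart
import 'dart:io';

// Compile-time settings (names are assumptions for this example), e.g.
//   flutter run --dart-define=DEBUG_PROXY=192.168.8.2:8080 \
//               --dart-define=BURP_CA_PEM=burp-ca.pem
// Both are empty in a normal build, so nothing below takes effect.
const String debugProxy = String.fromEnvironment('DEBUG_PROXY');
const String burpCaPath = String.fromEnvironment('BURP_CA_PEM');

class DebugProxyOverrides extends HttpOverrides {
  DebugProxyOverrides(this.proxy, this.caPem);
  final String proxy;    // host:port of the Burp proxy listener
  final List<int> caPem; // Burp CA certificate as PEM bytes (convert the DER export first)

  @override
  HttpClient createHttpClient(SecurityContext? context) {
    // Keep the platform roots and add the Burp CA on top of them.
    final ctx = context ?? SecurityContext(withTrustedRoots: true);
    try {
      ctx.setTrustedCertificatesBytes(caPem);
    } on TlsException {
      // The CA was already added to a reused context; safe to continue.
    }
    final client = super.createHttpClient(ctx);
    // dart:io ignores the device proxy setting unless findProxy is set.
    client.findProxy = (Uri uri) => 'PROXY $proxy';
    return client;
  }
}

// Call once at startup, before any request is made (before runApp() in Flutter).
void installDebugProxy(List<int> caPem) {
  if (debugProxy.isEmpty) return; // no proxy configured: default behaviour
  HttpOverrides.global = DebugProxyOverrides(debugProxy, caPem);
}

Future<void> main() async {
  if (debugProxy.isNotEmpty && burpCaPath.isNotEmpty) {
    // In a Flutter app, load the PEM from an asset with rootBundle instead.
    installDebugProxy(File(burpCaPath).readAsBytesSync());
  }
  // Placeholder URL; with the override installed this request goes via the proxy.
  final request = await HttpClient().getUrl(Uri.parse('https://example.com/'));
  final response = await request.close();
  print('status ${response.statusCode}');
}
```

This only covers clients built on dart:io's HttpClient; traffic sent by native plugins does not pass through the override.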

Umair | Last updated: Sep 25, 2024 05:52AM UTC

I got stuck on this and was able to SOLVE IT.

1. I tried the normal way, by proxying the Wi-Fi, but it didn't work because the APK I was testing is a Flutter app.
2. Tried changing the proxy in the emulator, but it didn't boot the Android device.
3. Then tried ProxyDroid and similar apps. It didn't proxy to Burp properly. Showed I have network issues after turning on the proxy.
4. Then tried reflutter, SSL pinning bypass and every possible thing, and still it was the same.
5. Then I FOUND THE WAY to connect with HTTP Toolkit. You can get it from here: https://httptoolkit.com/

Steps to connect:
------------------
1. Installed HTTP Toolkit (available for Linux/Windows).
2. Turn the Android device on.
3. Go to HTTP Toolkit and select (Intercept > Android App via Frida) or (Intercept > Android Device via ADB) [This feature worked better for me than choosing the Frida option, since it's still in the development phase]
4. It will do all the necessary configurations and a connection request will pop up on your Android device. Accept and test your app. The requests will proxy through HTTP Toolkit. (At this point, check that the requests proxy through the toolkit.) HTTP Toolkit allows you to capture and modify the requests in pro version.
5. To connect to BurpSuite, go to HTTP Toolkit > Settings > Connection Settings
   a. Set proxy as "Use an HTTP Proxy"
   b. Set HTTP host proxy details as "<IP OF THE BURPSUITE MACHINE>:<PORT>" of the machine. Then press the small save icon (ex: 192.168.8.2:8080)
   c. Add the Burp certificate to Trusted CA Certificate
6. Add the port number in BurpSuite. BurpSuite > Proxy > Options > Proxy Listeners > Add
   a. Add the port number you gave in HTTP Toolkit settings
   b. Select "All Interfaces" and click "OK" to save it.
7. Now the HTTP Toolkit will start to proxy all the requests from your device.

The setup is: Android Device <-> HTTP Toolkit <-> BurpSuite
