Burp Suite User Forum

Login to post

Intercept traffic from Android application

Karal | Last updated: Mar 12, 2023 10:44AM UTC

Hello, I have tried to add certificate in systeme but I didn't succeed because I need to root my phone and I don't want to take this risk (unless the manipulation can be reversed). Any know any other way to do it ?

Cameron | Last updated: Mar 13, 2023 07:05AM UTC

Use an emulator such as Genymotion or Android Studio, instead of your actual device.

Karal | Last updated: Mar 13, 2023 07:14AM UTC

How it's work with Android studio Emulator ?

Ben, PortSwigger Agent | Last updated: Mar 13, 2023 08:19AM UTC

Hi Karal, If you want to use a physical device that is running a later version of Android then you would need to root it, I am afraid. As has been suggested, you could instead use an emulator instead of your physical device (these normally provide an easy way to use root).

Karal | Last updated: Mar 13, 2023 02:50PM UTC

For root, It's possible to root it to add cert in system folder then unroot it with no other impact than adding the certificate ? Do you have steps to follows with Emulator ?

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 08:22AM UTC

Hi, If you want to use your device in conjunction with Burp then you would need to leave it rooted. I believe that you can 'unroot' your device but that would a complete reset of the device. As noted, using emulators is normally an easier option if you are unsure of whether you want to go ahead with this.

Karal | Last updated: Mar 14, 2023 09:30AM UTC

Could help me to setup Burp on emulator with Android studio please ?

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 11:40AM UTC

Hi Karal, To confirm, you do not setup Burp on the emulator - you setup Burp on your machine and proxy the traffic from the emulated devices through to Burp. What stage are you currently at with this - do you have Android Studio installed?

Karal | Last updated: Mar 15, 2023 01:16PM UTC

Hello, I have Android studio and device installed.

Karal | Last updated: Mar 16, 2023 06:40AM UTC

Certificate is ready, I just need to root the phone to be able to add it.

Ben, PortSwigger Agent | Last updated: Mar 16, 2023 09:22AM UTC

Hi, We do not have any specific documentation around setting up emulated devices in Android studio to proxy their traffic through Burp but the following appears to be a reasonable guide: https://passkwall.medium.com/how-to-configure-android-studio-with-burpsuite-46814392e31c There are some caveats on the above - you would now need to install the Burp CA Certificate at the system level on your emulated device (as previously discussed), as described below: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat#install-burp-ca-as-a-system-level-trusted-ca In addition, if you want to proxy traffic from a Chrome browser above version 99 then you would be advised to carry out the following steps as well: https://httptoolkit.com/blog/chrome-android-certificate-transparency/#how-to-fix-it

Karal | Last updated: Mar 17, 2023 02:03PM UTC

I have installed Emulator with Burp Certificate but I can't access internet with proxy and after restarting the defice the cert is removed.

Karal | Last updated: Mar 19, 2023 01:44PM UTC

Anyone could help please ?

Ben, PortSwigger Agent | Last updated: Mar 20, 2023 08:28AM UTC

Hi Karal, Can you explain, in detail, the steps that you have carried out so far so that we have an understanding of what you have done? If this is easier to do via email then please feel free to send us an email to support@portswigger.net and we can take a look from there.

You need to Log in to post a reply. Or register here, for free.