Burp Suite User Forum


Intercepting Android version 8.1 HTTPS Traffic

Spencer | Last updated: Feb 19, 2018 12:57AM UTC

Hi there, I have a rooted Nexus 5x (Magisk rooted) with Android 8.1 installed. I have been trying to intercept traffic with Burp but I'm running into problems that I have never had before. There are only a few HTTPS requests that I can seem to intercept. Both in Firefox and Chrome, I get a "certificate untrusted" error in one form or another and I can't connect to HTTPS websites. I've tried having the Burp CA installed as a User Certificate for VPN/Apps, for WiFi, and for both. None changed anything. I also tried moving the User Certificate into the System Certificates folder and I'm still running into the same issues. I'm listening on my computer on its own IP and an unused port, then putting the phone in airplane mode and turning WiFi on, then setting the proxy settings. Burp will intercept some traffic, but most fails SSL validation, even traffic in my browser, which surprises me. I've tried installing SSL Unpinner from Xposed framework; it doesn't change anything. I tried Inspeckage from Xposed and it fails to hook any activity. The only thing I can think of that I haven't tried is Frida Framework, but it doesn't seem to be compatible with Android 8.1 from what I can tell. If anyone has any ideas that would be very helpful! Thank you!

Liam, PortSwigger Agent | Last updated: Feb 19, 2018 03:50PM UTC

Android have changed how they handle trusted certificate authorities (CAs):

- https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

We haven't performed testing on this OS, however, there are some examples online:

- https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/bypassing-androids-network-security-configuration/

Please let us know if you need any further assistance.

Burp User | Last updated: Jul 11, 2018 04:33AM UTC

Please provide an alternative for intercepting HTTPS traffic of Android devices v7+. Also, I request that you please provide a detailed tutorial for other readers.

PortSwigger Agent | Last updated: Jul 11, 2018 07:21AM UTC

Hi Alok, The tutorial that users have most success with is this one:

- https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

Just to be clear, Burp does not provide a "point and click" method to intercept these devices - this is an advanced topic where testers will need to manually configure the environment.

Burp User | Last updated: Sep 14, 2018 06:44AM UTC

Could you please guide me to intercept the traffic of Android 8.1 Oreo without root?

Liam, PortSwigger Agent | Last updated: Sep 14, 2018 06:56AM UTC

Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. We recommend that you use an older version of Android for your testing. If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator. Please let us know if you need any further assistance.

Liam, PortSwigger Agent | Last updated: Mar 21, 2019 04:26PM UTC

Could you send us a screenshot of the error message? Which version of Android are you using?

Burp User | Last updated: Mar 21, 2019 04:45PM UTC

The steps mentioned at the URL below:

https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

work very well with my rooted Samsung Galaxy S8 device, and now I'm able to intercept all traffic from my Android 8.0.0. The only change I suggest is to make your proxy listener listen on "All Interfaces" in Burp Suite, and don't forget to use the command below:

chmod 644 /system/etc/security/cacerts/<cert>.0

as without that your setup may not work. Thanks.
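
The `<cert>.0` name in the command above follows the Android system trust store convention: each CA is a PEM file named after the certificate's old-style (MD5-based) subject hash, with a `.0` suffix. The script below is an added example, not part of the original post or of the linked tutorial; the function name `prepare_android_ca` and the output directory are assumptions, and it only prepares the file locally (Burp exports its CA in DER form) so it can then be copied to /system/etc/security/cacerts/ on the rooted test device.

```shell
#!/bin/sh
# Added example: build the file Android's system CA store expects from an
# exported proxy CA certificate. Nothing here touches the device.

# prepare_android_ca IN_CERT OUT_DIR
#   IN_CERT  certificate in DER (Burp's export format) or PEM
#   OUT_DIR  local directory for the result (hypothetical staging folder)
# Prints the path of the created file, named <subject_hash_old>.0, mode 644.
prepare_android_ca() {
    in_cert=$1
    out_dir=$2
    tmp_pem=$(mktemp) || return 1

    # Normalise to PEM: try DER first, then fall back to PEM input.
    if ! openssl x509 -inform DER -in "$in_cert" -out "$tmp_pem" 2>/dev/null; then
        if ! openssl x509 -inform PEM -in "$in_cert" -out "$tmp_pem" 2>/dev/null; then
            echo "error: $in_cert is not a DER or PEM X.509 certificate" >&2
            rm -f "$tmp_pem"
            return 1
        fi
    fi

    # Android names system CAs with the pre-1.0.0 OpenSSL subject hash,
    # so -subject_hash_old is required; the newer -subject_hash differs.
    hash=$(openssl x509 -in "$tmp_pem" -noout -subject_hash_old) || {
        rm -f "$tmp_pem"
        return 1
    }

    out_file="$out_dir/$hash.0"
    mkdir -p "$out_dir" && cp "$tmp_pem" "$out_file" && chmod 644 "$out_file" || {
        rm -f "$tmp_pem"
        return 1
    }
    rm -f "$tmp_pem"
    printf '%s\n' "$out_file"
}

# Stand-alone use: ./prepare_ca.sh cacert.der [staging_dir]
if [ $# -ge 1 ]; then
    prepare_android_ca "$1" "${2:-.}"
fi
```

If the printed file name does not match the name of the file placed under /system/etc/security/cacerts/, or the file there is not world-readable, the certificate will not be picked up as a system CA.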

Burp User | Last updated: Jun 03, 2019 07:27AM UTC

I am unable to download the Burp certificate on my Android device. It displays an error message: "the site can't be reached". I have set the proxy properly in Burp as well as on the mobile. Do I need to make any configuration changes on the mobile? Kindly help!

Ben, PortSwigger Agent | Last updated: Jul 02, 2019 12:21PM UTC

Are you able to provide us with any details on the steps that you have tried to get this to work? As noted previously, Android have changed the way they handle trusted CA. Burp does not provide a "point and click" method to intercept these devices – this is an advanced topic where testers will need to manually configure the environment.

Burp User | Last updated: Aug 06, 2019 08:56PM UTC

I'm having an issue copying the Burp certificate to: /system/etc/security/cacerts/ I have a Samsung M20 rooted with Magisk running Android 8.1. Whenever I copy the certificate to /system/etc/security/cacerts/ the phone directly reboots. I tried a lot of solutions but nothing seems to work so far.

Burp User | Last updated: Jan 30, 2020 07:01AM UTC

Nothing

Burp User | Last updated: Feb 06, 2020 03:46PM UTC

Still no solution on this???? Very bad Burp Suite on Android :(
