Burp Suite User Forum

Create new post

Mobile Security

Nagesh | Last updated: Oct 25, 2016 07:50AM UTC

I am using burp on android device by configuring android with burp and I also installed burp CA certificate on device, it is also showing PortSwigger CA In trusted credentials. I was able to capture through browser but I am not getting any request in burp(intercept tab) and even there is no action on application. Can anyone suggest for this?

Liam, PortSwigger Agent | Last updated: Oct 25, 2016 08:24AM UTC

Hi Nagesh Thanks for your message. It’s possible that the browser is not using the CA certificate that you have installed on the device. Some apps use their own certificate trust store, and some implement certificate pinning to only trust specific server-side certificates. In this situation, breaking the SSL tunnel is non-trivial and may entail jailbreaking the device or using some other advanced tools. One of our users created a short video on the process: https://vimeo.com/137672482 In the video they go over how to setup Android with ProxyDroid and FS Cert Installer to push HTTPS App traffic to Burp Suite. They also provided these basic instructions. Burp Suite Host: • Reset burp suite • Turn on listen to all interfaces Android Host: • Remove all User Certs • Stop task and remove data for ProxyDroid and FS Cert installer ( you can just uninstall reinstall ) • Put the phone in airplane mode then turn on WIFI • In FS Cert put in proxy IP and PORT then click the middle button Add CA and add it under WIFI Cert in the dropdown • Then click test chain and it should all be green yes for www.google.com • For Proxydroid just put in the IP and port and also tunnel DNS • Kill or reinstall any apps before you start to make sure they go through the proxy properly Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.