The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Reflect traffic from mobile app in my Burp Suite

Dsca | Last updated: Jul 20, 2022 08:11AM UTC

I need to send the traffic from mobile apps to my proxy (Burp). When I finally did it, I found out that everything works only in Windows. The traffic from mobile apps is reflected in Burp only on Windows. When I try to do the same things (set Burp on my IP and shell settings put global http_proxy ip:port) in Kali, it doesn't work at all. What can be wrong? Of course, I could work in Windows, but Kali is my main OS with a customized environment.

Dsca | Last updated: Jul 20, 2022 08:15AM UTC

I think there is a problem with the Burp certificate. Do I need to download another certificate when I work in Linux (I already have the Burp certificate installed on my Android device, and in Windows it works perfectly) or not?

Ben, PortSwigger Agent | Last updated: Jul 21, 2022 05:55PM UTC

Hi, The CA certificate is generated during the installation process and is unique to that Burp installation so you would need to export the certificate from the Linux installation and import that within the Android device.
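Added example, not part of the original thread: a way to check whether the CA file already on the device is the certificate exported from the Burp installation currently in use. Android names system CA files after the OpenSSL `subject_hash_old` of the subject, which does not depend on the key, so the file name alone cannot tell two installations apart; the fingerprint can. The file names `device-ca.pem` and `burp-kali.der` are placeholders, and the helper functions are this example's own.

```shell
#!/bin/sh
# Added example: compare a CA file pulled from the device with the
# certificate exported from the local Burp installation.

# Print the certificate as PEM, accepting either PEM or DER input.
to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -inform DER -in "$1" -outform PEM
}

# SHA-256 fingerprint: identifies the exact certificate, key included.
cert_fp() {
    to_pem "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# File name Android uses in its CA store: <subject_hash_old>.0
# It is derived from the subject name only, not from the key.
store_name() {
    printf '%s.0\n' "$(to_pem "$1" | openssl x509 -noout -subject_hash_old)"
}

# Succeeds only when both files hold the identical certificate.
same_ca() {
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]
}

# Typical use (paths are placeholders):
#   adb pull /system/etc/security/cacerts/9a5ba575.0 device-ca.pem
#   store_name burp-kali.der
#   same_ca device-ca.pem burp-kali.der && echo "same CA" || echo "different CA"
```

If the store name matches but `same_ca` fails, the device still trusts a CA from a different installation and the certificate has to be replaced.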

Dsca | Last updated: Jul 22, 2022 07:36AM UTC

Hello, I've reinstalled the certificate while running Kali Linux and it solved the problem with visiting https:// pages: now I can do it from my Android device (and I see the traffic from my web browser), but I still can't see the traffic in Burp from my mobile apps. I have a suspicion that I have to delete and reinstall the PortSwigger CA from the system folder, but I don't know how to delete the certificate from the "system". The "clear credentials" option deletes only the user's certificates. I've tried to delete it manually but always get an error:

    /system/etc/security/cacerts # rm 9a5ba575.0
    rm: 9a5ba575.0: Device or resource busy

Dsca | Last updated: Jul 22, 2022 07:53AM UTC

Yes, I confirmed my assumption. I've deleted all certificates by using the "clear credentials" option on my Android (running Linux), but the system PortSwigger CA remained unchanged; after I went to my Windows, everything was still working there without any installation/reinstallation. So I have to delete the certificate from the system folder and install it while running Kali Linux. But how can I delete it...

Ben, PortSwigger Agent | Last updated: Jul 22, 2022 10:28AM UTC

Hi, If you can successfully proxy HTTPS web traffic from your Android device through your Linux Burp I would expect this to also work with mobile apps (assuming that the traffic from these mobile apps is able to be proxied, which I assume is the case as you have mentioned this works when you had Burp installed in Windows) - they should be using the same certificate. It is probably a good idea to clear down everything that you have when you try this on Linux so that you are starting from a clean setup. In terms of deleting the certificate, I use Total Commander on my Android device and this allows me to successfully delete the Burp certificate from under the /etc/security/cacerts directory without any issue. Which method are you currently using to try and remove the certificate?

Dsca | Last updated: Jul 22, 2022 10:47AM UTC

Thanks for the advice with Total Commander! I assumed that if I can proxy my mobile app traffic I can proxy my https web traffic, but it's not so: right now I proxy my mobile app traffic, but the browser on my Android device still doesn't allow me to visit https:// pages. I understand it sounds strange, but I could share screenshots... Anyway, I'll start by installing Total Commander and try to install the certificate while running Linux.

Dsca | Last updated: Jul 22, 2022 10:54AM UTC

Update: I can see in Total Commander all system certificates in /system/etc/security/cacerts except my Burp certificate :) (I gave the permissions to Total Commander)

Dsca | Last updated: Jul 22, 2022 11:00AM UTC

Again update: I found it thanks to "search" but I can't delete it:

    /system/etc/security/cacerts # rm 9a5ba575.0
    rm: 9a5ba575.0: Device or resource busy

Dsca | Last updated: Jul 22, 2022 11:23AM UTC

Problem with deleting solved: deleted Magisk modules and rebooted the device

Dsca | Last updated: Jul 22, 2022 11:34AM UTC

Solved! Thanks Ben! I couldn't figure it out without you!

Dsca | Last updated: Jul 22, 2022 11:52AM UTC

Now mobile app traffic is reflected in my Burp running on Kali! But I can't visit https:// pages :))) Maybe I need to install the Burp cert for Wi-Fi now? :)

Ben, PortSwigger Agent | Last updated: Jul 22, 2022 12:37PM UTC

Hi, What browser are you using on your Android device?

Dsca | Last updated: Jul 25, 2022 07:06AM UTC

Hello, I'm using Google Chrome

Ben, PortSwigger Agent | Last updated: Jul 25, 2022 09:50AM UTC

Hi, Can you confirm the version of Chrome that you are using? If you are using Chrome version 99 (or above) this will add a layer of complexity to getting this to work due to some changes that were made in Chrome fairly recently (and would possibly explain the behaviour that you are seeing) so it would be useful to know the exact browser version that you are using.

Dsca | Last updated: Jul 25, 2022 01:32PM UTC

Yeah, Ben, it's "Chrome 103.0.5060.129". I've tried Firefox (v.102.2.1): the same situation.

Ben, PortSwigger Agent | Last updated: Jul 26, 2022 10:31AM UTC

Hi, From Chrome version 99, Google have expanded the use of certificate transparency. What this means is that Chrome on Android will now not work with system level certificates supplied by the user (there are some additional checks that are now performed, which impacts certificates used by MiTM software). At the moment, if you have the Burp CA certificate installed as system you should be able to proxy mobile app traffic but will encounter issues proxying traffic from Chrome. The following blog post does, however, provide some additional steps that you can perform in order to circumvent this and allow your system level certificate to proxy mobile app and Chrome browser traffic (the whole blog post provides a good background explanation to this but the 'How to Fix It' section provides some additional configuration that you can perform): https://httptoolkit.tech/blog/chrome-android-certificate-transparency/ We have tested this ourselves and have also had other users report that these additional steps do work so we would recommend you try these going forward.

Dsca | Last updated: Jul 26, 2022 11:47AM UTC