Burp Suite User Forum

Login to post

Sniff Android Apps

DrConfiger | Last updated: Nov 07, 2020 09:01AM UTC

Hello, do not be tired Excuse me, I had a question, when I want to sniff a program like PayPal or a program with such a level of security with Burp, Paypal says it does not have access to the Internet and I can no longer sniff. While it works well for other programs and I can sniff. What can I do to sniff such high-level programs with Burp? Is it possible if I can change the source of a program to solve this problem?

DrConfiger | Last updated: Nov 07, 2020 12:24PM UTC


Ben, PortSwigger Agent | Last updated: Nov 09, 2020 09:10AM UTC

Hi, It sounds like the PayPal app is probably using Certificate Pinning to prevent you from intercepting its traffic. The following blog details some strategies to try and circumvent this: https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/ Please be aware that this is not a trivial process and may require a large amount of work to successfully bypass this security method.

You need to Log in to post a reply. Or register here, for free.