Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Unable to intercept with Android mobile app using Burpsuite

Divya | Last updated: Jul 24, 2018 12:57PM UTC

1.i am using genymotion virtual android device. 2.I have download Google Nexus 5X-7.1.0 3.I have set the necessary proxy setting for burp suite ,as well as wifi proxy connection in genymotion. 4.I have download and installed Burpsuite CA certificates also. 5.And then i downloaded Instagram from play store and trying to testing with Burp Suite ,but am getting alert message as 'An unknown network error has occured'. Please, help me out.

Liam, PortSwigger Agent | Last updated: Jul 24, 2018 01:15PM UTC

Which version of Android are you using? Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. We recommend that you use an older version of Android for your testing. If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator. If you are using an older version of Android, it may be that Instagram does not obey proxy settings. What I suggest you do is set up a laptop as a wireless access point, and connect the phone to the access point. Run Wireshark on the laptop and open Instagram. This will show the network traffic, which you can analyse to work out what's going on. Please let us know if you need any further assistance.

Burp User | Last updated: Jul 25, 2018 06:51AM UTC

Thanks for your Response . Yes,I am using Android version "Nougat" in Genymotion emulator .I have installed a trusted CA certificate in Burp Suite and emulator also. i have opened the Instagram my emulator and set proxy->intercept is on and i have user name and password and clicked login button . Even though, i am getting an error message as "An unknown network error has occurred" while testing app like Instagram. But i am able to connect with browser and i was able to intercept through browser but for app from android device , i cannot able to intercept . Kindly give me the solution to intercept Burp Suite with Android app.

Liam, PortSwigger Agent | Last updated: Jul 25, 2018 07:27AM UTC

One solution is to try an older version of Android. If the app is using HTTP or HTTPS but does not obey the proxy settings, you'll need to use a technique like this: - https://support.portswigger.net/customer/portal/articles/2899081-using-burp-s-invisible-proxy-settings-to-test-a-non-proxy-aware-thick-client-application If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.