Burp Proxy Android

#1

I followed a rather lengthy process of rooting my Pixel 2 using Android 9 and then installed the PortSwigger certificate file into my Android’s /system/etc/security/cacerts, finally I changed permissions. That all worked, in fact, the cert is valid and is now enabled in my Android Trusted Certs settings. I then set up my proxy settings on my WiFi connection to route thru my machine running Burp Suite. This worked as well, as I am able to intercept HTTP traffic and SOME HTTPS traffic. However, I am not able to intercept most HTTPS traffic it seems… And if I go to https://google.com for example, I get the insecure page warning.

Does anyone know what could be causing this and a way to get better functionality out of Burp proxy with Android? Thanks.

Instructions followed:

0 Likes

Have a question? Ask it here in this thread!
#2

Hi @moveax41h! Welcome to bugcrowd :slight_smile:

Are you finding that you’re not able to intercept HTTPS traffic from some apps, or only particular apps?

Have you tried to disable certificate pinning? https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/

0 Likes