Burp Proxy Android

moveax41h · March 20, 2019, 5:32pm

I followed a rather lengthy process of rooting my Pixel 2 using Android 9 and then installed the PortSwigger certificate file into my Android’s /system/etc/security/cacerts, finally I changed permissions. That all worked, in fact, the cert is valid and is now enabled in my Android Trusted Certs settings. I then set up my proxy settings on my WiFi connection to route thru my machine running Burp Suite. This worked as well, as I am able to intercept HTTP traffic and SOME HTTPS traffic. However, I am not able to intercept most HTTPS traffic it seems… And if I go to https://google.com for example, I get the insecure page warning.

Does anyone know what could be causing this and a way to get better functionality out of Burp proxy with Android? Thanks.

Instructions followed:

samhouston · March 20, 2019, 8:45pm

Hi @moveax41h! Welcome to bugcrowd

Are you finding that you’re not able to intercept HTTPS traffic from some apps, or only particular apps?

Have you tried to disable certificate pinning? https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/

Topic		Replies	Views
How to build a simple SSL mitm proxy Starter Zone	2	3854	June 10, 2015
SSL Unpinning on android apps Starter Zone	2	3694	December 28, 2021
Proxy Burp issue Bugcrowd Discussion	0	357	February 20, 2024
Hacking with Burp Suite - Tutorial 1 Starter Zone	2	14088	November 26, 2015
Looking for ways to do some undetecable web crawling Recon Techniques	10	3719	October 23, 2018

Burp Proxy Android

Related Topics