Capturing android application traffic using BurpSuite

Step 1: Install burp suite on your Laptop/Desktop.

If you haven’t already installed burp suite on your hacking machine please follow the blog to install burp suite.

Step 2: Get the ip of your hacking machine from the command prompt using ipconfig command.

Step 3: Configure the burp for listening the incoming traffic to your system using your system ip and any port(9999 for example)

Step 4: Open the Wifi settings on your android device, long press on the wifi name. (Make sure your hacking machine i.e., laptop/desktop and the mobile device both are connected to the same wifi for capturing the traffic.

Long pressing will give you “modify network” option depending upon the android device this option name might be different in some device it might be advanced settings.

Step 5: Go to the “modify network” option.

Step 6: Under the proxy option we need to select manual and then enter the ip of the laptop/desktop that we got from the step 2.

Step 7: Save the changes.

Step 8: Now make sure that the burp intercept is turned to off.

Step 9: Open any browser on the android device and browse to http://burp.

Step 10: Clicking on the CA Certificate will download a burp certificate in the downloads folder.

Step 11: The above downloaded certificate will be of .der extension and it can’t be used for the android device so we need to modify the .der extension to .cer.

Step 12: Save the file.

Step 13: Go to mobile settings and search for install certificate.

Step 14: Click on install certificates.

Step 15: Browse to the Downloads folder and select the .der file that we just renamed in step 8.

Step 16: Give the device pin.

Step 17: Give the certificate a name of your choice.

Step 18: Voila, the certificate is installed.

Step 19: All set to capture the traffic on burp from any app on the android device, now turn on the intercept and browse anything on the browser/any application to check the proper configuration.