App testing focuses on the app itself, and mostly on its network communications (except for stand-alone apps). Capturing network traffic is therefore very important when testing an Android app. Apps generally communicate over HTTP, WebSocket, or raw sockets: HTTP is the most common, WebSocket is an up-and-comer, and raw sockets are the least used. For HTTP and WebSocket, Burp Suite is the most suitable tool. However, when the app uses SSL- or TLS-encrypted transport (HTTPS), the certificate is not trusted, so the connection is broken and packet capture fails. This article describes how to use Burp Suite to capture HTTPS packets.
First, tool preparation
Android phone (Nexus 4, stock Android, not rooted)
Laptop (with a wireless network card that can create a WiFi hotspot)
WiFi hotspot software, or both devices on the same LAN
Burp Suite (captures HTTP, HTTPS, and WebSocket traffic)
Second, how the capture works
The phone's traffic is routed through the Burp Suite proxy. The Burp Suite root certificate (PORTSWIGGERCA.CRT) is exported and imported into the phone, after which the phone's HTTPS traffic can be read through the Burp Suite proxy.
Third, the configuration process
1. Make sure the network can be proxied
Because Burp Suite captures traffic by acting as a proxy, the network must allow proxying and the proxy must not be blocked by a firewall. The best way is to host a virtual WiFi hotspot.
2. Burp Suite configuration
Configure the proxy IP and port in Burp Suite's Proxy section.
You can also add multiple proxies in Burp Suite.
3. Export the Burp Suite root certificate
In Firefox, with Burp Suite set as the proxy, open any HTTPS link, view the certificate, and export it:
Or export the certificate directly:
Download the exported root certificate to your phone using a tool such as Hfs.exe, then install the Burp Suite root certificate with the "install from storage device (certificates)" option under Security:
4. Connect the phone to the WiFi hotspot and set the proxy
Connect the phone to the WiFi hotspot we just set up and configure the proxy in the Advanced options:
With the above configuration, the app's HTTP traffic passes directly through Burp Suite:
Fourth, summary
Android apps mostly communicate over HTTP, and only a small number use HTTPS, which reflects the current state of domestic network security. Unencrypted HTTP saves bandwidth and system resources, so many developers use HTTP without SSL or TLS encryption, and that is the simple reason network sniffing is so widespread. HTTPS depends on trusting a public key, so as long as one has the key or root certificate, capturing packets is very easy. This also tells us that if a prompt to trust a certificate suddenly pops up while we are visiting an ordinary website, we may be being sniffed ...