When testing an Android app, relatively little of the work concerns the app itself; most of it concerns network communication (stand-alone editions excepted). Packet capture is therefore a very important part of the Android app testing process. Apps generally communicate over HTTP, WebSocket, or raw socket protocols: HTTP is the most common, WebSocket is the rising star, and raw sockets are the least used. The best tool for HTTP and WebSocket is Burp Suite. However, when the app uses SSL- or TLS-encrypted transport (HTTPS), the proxy's certificate is not trusted, so the connection is terminated and the packet capture fails. This article describes how to capture HTTPS traffic using Burp Suite.
First, tool preparation
Android phone (Nexus 4, stock Android, not rooted)
Laptop (with a wireless card, so that it can create a WiFi hotspot)
WiFi hotspot software, or the phone and laptop on the same LAN
Burp Suite software (captures HTTP, HTTPS, and WebSocket traffic)
Second, the principle of packet capture
Burp Suite acts as a proxy, so the phone's traffic passes through it. The Burp Suite root certificate (PORTSWIGGERCA.CRT) is exported and imported into the phone, after which the phone's HTTPS traffic can be captured through the Burp Suite proxy.
Third, the configuration process
1. Ensure that the network traffic can be proxied
Because Burp Suite captures packets by acting as a proxy, make sure that the network allows proxying and that the traffic is not blocked by a firewall. The best way is to host a virtual WiFi hotspot.
2. Burp Suite Configuration
Configure the proxy IP and port in Burp Suite's Proxy tab.
You can also add multiple proxy listeners for Burp Suite here.
3. Export the Burp Suite root certificate
In Firefox, use the Burp Suite proxy to open an HTTPS link, view the certificate that is presented, and export it:
Alternatively, export the certificate directly:
Download the exported root certificate to the phone with a tool such as Hfs.exe, then install the Burp Suite root certificate on the phone via Settings, Security, Install from storage device (certificate):
4. Connect the phone to the WiFi hotspot and set up the proxy
Connect the phone to the WiFi hotspot we just set up and configure the proxy in the Advanced options:
With the above configuration, HTTP traffic in the app goes straight to Burp Suite:
Fourth, summary
Most Android apps communicate over HTTP and only a few use HTTPS, which also reflects the state of domestic network security. After all, unencrypted HTTP saves bandwidth and system resources, so many people use HTTP directly without SSL or TLS encryption, which is why network sniffing is so popular and so simple. HTTPS depends on trusting a public key, so as long as the key or root certificate is available, capturing the traffic is very easy. This also tells us directly that if, while visiting an ordinary site, a prompt suddenly asks us to trust a certificate, then we may be being sniffed ...
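The point made in the summary, as an added example that is not part of the original article: once a proxy's root certificate is trusted, validation succeeds silently, so a client has to compare the certificate it actually received against what it expects. The issuer marker, the sample issuer fields and the stand-in certificate bytes below are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl

# Assumption: the proxy's generated CA names itself "PortSwigger CA";
# extend this tuple for any other interception proxy in use.
PROXY_ISSUER_MARKERS = ("portswigger",)

def issuer_fields(peercert):
    """Flatten the 'issuer' RDN tuples of SSLSocket.getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def sha256_pin(der_bytes):
    """Hex SHA-256 fingerprint of the DER-encoded leaf certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def assess(peercert, der_bytes, pinned):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    issuer = issuer_fields(peercert)
    names = " ".join(issuer.values()).lower()
    if any(marker in names for marker in PROXY_ISSUER_MARKERS):
        findings.append("issuer is an interception proxy CA: "
                        + issuer.get("commonName", "?"))
    if sha256_pin(der_bytes) not in pinned:
        findings.append("leaf fingerprint does not match any pinned value")
    return findings

def fetch(host, port=443):
    """Live helper: validated handshake, then (parsed cert, DER bytes)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

# Constructed sample data (stand-in bytes, not real certificates).
GENUINE_DER = b"constructed-der-of-genuine-server-cert"
PROXY_DER = b"constructed-der-of-proxy-generated-cert"
PINS = {sha256_pin(GENUINE_DER)}
GENUINE = {"issuer": ((("organizationName", "Example Trust CA"),),
                      (("commonName", "Example Trust CA R1"),))}
PROXIED = {"issuer": ((("organizationName", "PortSwigger"),),
                      (("commonName", "PortSwigger CA"),))}

if __name__ == "__main__":
    print(assess(GENUINE, GENUINE_DER, PINS))
    print(assess(PROXIED, PROXY_DER, PINS))
```

For a live check, pass the two values returned by fetch() to assess() together with the fingerprints recorded from a network known to be clean.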
Android app testing: using Burp Suite to capture HTTPS traffic