Android app Test, a small amount of work on the Android components, such as the end side, mostly concentrated on network communications. Therefore, in the test process, network capture is very important, in general, the app will use the HTTP protocol, Websocket,socket protocol. One of the most HTTP protocol, WebSocket is a rising star, the minimum socket. For HTTP and Websocket,burp suite, this is the perfect place to grab a packet.
The following records the configuration method for forgetting.
Prepare material
One Android phone
WiFi internet access
Burp Suite One
Phone side configuration
Connect your PC with your phone to the same WiFi network and see the PC side IP address, such as IP address 192.168.1.100
Open your phone (take Huawei mate for example), set->wlan, long press connected, modify network
Configure the proxy server for the IP address of the PC, Port 8080 (casual), connect
Open Burp suite,proxy->options, set up a proxy server:
Under the Intercept tab, set Intercept is on, and now the app's network data can be captured, as follows:
- Then there is a question, if you want to run a request with Sqlmap, there is no SQL injection, how to do?
It is very simple to save each proxy request to the log, Sqlmap use the-l parameter to specify the file run. Specific settings:
If we select the Sqlmap.txt file, save the proxy request log.
E:\android>sqlmap.py-l Sqlmap.txt
You can run like this.
- How do I catch HTTPS packets?
We test the reset password, retrieve password and other functions, many times the communication using HTTPS encryption, the following settings can be HTTPS capture:
A) export the Burp suite root certificate
After the browser has set up the agent, visit http://burp/.
Download the Burp Suite certificate, this is der format, we want to CER, use Firefox browser to go, import and export it.
b) Add a trust certificate to your phone
Upload the exported certificate portswiggerca.crt to your phone and install it. (Below is Mate8, each phone location may not be the same)
Below, a peer-to-net loan app resets the password-caught packet using https:
In addition, like our usual internet to hang agent, burp Suite configuration method is as follows:
- Burp in Options->upstream proxy Servers, configure the original proxy (you used to surf the internet).
- Proxy->options->proxy listeners Configuration agent, 127.0.0.1:8080 (burp as a proxy server)
- IE modified agent for 127.0.0.1:8080, the data path is: IE (Browser)->burp suite-> original Proxy->web server
Android security Test Burpsuite grab Bag