Mobile HTTPS grab bag those things--junior Post

For security researchers or security enthusiasts who have just entered the field of mobile security, a big problem when conducting penetration testing of mobile apps is that they cannot crawl HTTPS traffic packets, causing penetration testing to continue. This time to introduce some mobile phone side how to crawl HTTPS traffic skills. The following will be mainly through the two levels of the chapter to gradually introduce to you: first chapter-Introductory article:Shallow level grab bag. How to crawl HTTPS traffic for non-root devices (Android) or non-jailbroken devices (IOS); Chapter II-Advanced article:Deep grab bag. How to crawl HTTPS traffic for the root device or jailbreak device. For non-root Android devices or jailbroken iOS devices, due to insufficient user access to the device control permissions, so only a shallow level of HTTPS capture, that is, by installing the capture tool in the mobile device certificate to the Mobile Device Trust capture tool to crawl HTTPS traffic, However, this method only applies to some applications that are not very strict with certificate validation, such as applications that trust any SSL certificate vulnerabilities, and so on. Here's an example of how to install a certificate on a different platform (Android & IOS) device to crawl HTTPS traffic packets using the Burp Suite Capture Toolkit.

Android Platform

Android devices need to export the Burp Suite's certificate on the PC and then upload it to the phone for installation.  First open burp Suite and set up a local agent.  Open the Firefox browser, set the local agent: ip:127.0.0.1 Port: 8080.  Open any HTTPS Web site, such as: https://www.baidu.com.  At this point Firefox will prompt the connection is not secure, next click Advanced, select Add Exception.  A warning pops up at this point.  Click the View option under Certificate status to display the certificate information.  Click Details and select the Portswigger CA in the certification authority.  Click the Export button below to export the certificate file locally.  The certificate file is then sent to the phone's SD card directory via the USB cable or the ADB push command. Open Phone settings, select Security, and select Install Certificate from SD card.  Open SD Card Select the certificate file that we just uploaded to the phone, click on the file and set a name to install.    When the installation is complete, click on the user entry in the trusted credentials to view the installed certificate information. Some systems or models may be installed directly by clicking on the certificate file in the SD card directory. There may be some systems or models where the certificate files are installed differently, and this is not the case in one by one.

iOS platform

iOS devices are much more convenient to install Burpsuite certificates. The first thing you need to do is make your iOS device and install the Burp Suite PC on the same network segment (1, iOS devices and computers connected to the same wireless network, 2, computer hotspot for iOS devices to connect) and set up the agent, that is, the operation of normal crawl HTTP traffic.   iOS devices directly open the IP and port of Burpsuite listening.  Click CA Certificate to prompt you to install the description file as a certificate file.  Click Install to prompt for your phone password.  A warning will appear after you enter your phone password.   Click Install directly, continue to complete the installation, you can install successfully. Then go to the phone settings-generic-profile to view the certificate information. TestAfter the certificate is installed, access an HTTPS Web site with your phone, and you will find that HTTPS packets can be crawled. If there are inappropriate places to write, please correct me. Chapter II-Advanced articleUpcoming release, Welcome to continue to pay attention.

Mobile HTTPS grab bag those things--junior Post