Novice Tutorial: How to use Burpsuite to crawl the phone app's HTTPS data

This paper briefly describes the case of Burpsuite interception of mobile phone messages:

1. Required Conditions · The phone has root access
· Mobile phone has successfully installed xposed frame
· Computer One
2. Detailed steps
2.1 Install xposed Justtrustme on the phone
Justtrustme is a xposed hook plug-in that removes the HTTPS certificate check, and then it can crawl the packet of the app that made the certificate check. Justtrustme location on GitHub: Https://github.com/Fuzion24/JustTrustMe
After installing the module, tick the Justtrustme module and restart your phone.


2.2 Configuring Burpsuite
Open burpsuite, switch to proxy, then switch to the options option below, then click Add, then configure the port, IP select the IP address of the machine, then click OK to add


Tick the running box to select the


2.3 Importing Burpsuite certificates
On the computer side using the Firefox browser access settings proxy IP: port, download the Burpsuite certificate, such as I above the IP is 192.168.1.105, the port is 8080, access http://192.168.1.105:8080/and then go to download the certificate


Click CA certificate to download the Burpsuite certificate, save the certificate file


Enter Firefox settings, select Advanced, then select Certificate, click View Certificate


Then select the server, click Import, import just download the Cacert.der certificate, after the import will be more than one Portswigger certificate, select it, then click Export, select the certificate, and then rename the export, here is the reason to export the certificate, It's because the phone doesn't recognize the burpsuite. The default exported certificate format, to be converted.


After export, put the certificate in the phone's SD card, then enter the phone settings, security, from the SD card installed, and then choose to put the phone's certificate file, if the phone does not set the lock screen password, here will ask to set the phone lock screen password. Different phone import slightly different, but all in the settings, security settings inside to import the certificate.



Click Install from SD card to select the certificate file in the SD card and install it.
2.4 Configuring a proxy server on your phone
Go to phone settings, Wi-Fi, connect your phone and WiFi to the same router, and then set up WiFi, some phones are long press the current connected WiFi settings, some are click the right arrow to set, here are two say
The first type:
Enter settings, click Wi-Fi, then long press the current connected WiFi, select Modify Network, swipe to the bottom, tick the show advanced options, and then select the proxy settings for the manual proxy server host name fill the computer IP, port fill the port you just set. Then make sure that the settings are successful.




The second type:
Go to Settings, WLAN, click the right details icon of the current connected WiFi, open the edit current connected WiFi, and then select the Proxy settings as manual, host name to fill the computer IP address, port fill just the address set inside the Burpsuite, then click OK to save, set the success.


After the set up can crawl HTTPS packets, with the certificate check can also be normal crawl, if not installed Justtrusme plug-in, you cannot catch the app with the certificate verification HTTPS packets.


The tutorial to crawl HTTPS with Burpsuite is over here.