Configuring an Android Device to Work With Burp
To test web applications using an Android device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.
Configure the Burp Proxy listener
In Burp, go to the “Proxy” tab and then the “Options” tab.
In the “Proxy Listeners" section, click the “Add” button.
In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.
Then select the “All interfaces” option, and click "OK".
Note: You could alternatively edit the existing default proxy listener to listen on all interfaces. However, using different listeners for desktop and mobile devices enables you to filter these in the Proxy history view.
The Proxy listener should now be configured and running.
Configure your device to use the proxy
In your Android device, go to the“Settings” menu.
If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.
In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.
If you have configured a password, enter it and continue.
Once you are connected hold down on the network button to bring up the context menu.
Tap “Modify network config”.
Ensure that the “Show advanced options” box is ticked.
Change the “Proxy settings” to “Manual” by tapping the button.
Then enter the IP of the computer running Burp into the “Proxy hostname”.
Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.
Test the configuration
In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).
Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)
The request should be intercepted in Burp.