Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

How do I setup burpsuite to test android apps using an emulator?

Zack Amaral Sep 05, 2019 05:47PM UTC

Hi,

I'm trying to setup burpsuite to test my company's android app using android studio's emulator. You used to be able to use an app called ProxyDroid and FS Installer, but ProxyDroid is no longer available on Google Play.

Does anybody know a solution to use burpsuite as a proxy for testing android apps in an emulator?


Mike Eaton Sep 06, 2019 12:44PM UTC Support Center agent

Hi Zack, we have an article on our support center on how to use Burp Suites to test Android applications. https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp


Zack Amaral Sep 10, 2019 04:58PM UTC
@Mike Eaton,

This solution only works for testing on a browser inside Android. I'd like to be able to configure Burpsuite to be a Proxy for testing apps. Whenever I open an app with Burpsuite configured for Android, I get an error that says the connection has timed out. Is there a solution out there that's specific for testing android apps?

Mike Eaton Sep 11, 2019 09:59AM UTC Support Center agent

Does this Android application send and receive HTTP requests? as this is what Burp Suite uses to map and test your application for vulnerabilities.

Have you tried configuring the proxy settings for your emulated Android environment within your emulator?


Zack Amaral Sep 11, 2019 06:38PM UTC
@Mike Eaton

Yes, it does send and receive HTTP requests. I've configured the proxy settings following one of the guides on portswigger support. The only thing I can think of that might be causing issues, when I installed the burp certificate, it installed onto the user section instead of the system section on the android emulator. Would that make a big difference?

I can still view requests from the emulator's browser, but I can't view them from inside our app or any other app.

Mike Eaton Sep 12, 2019 10:57AM UTC Support Center agent

Hi Zack,

Yes, we advise installing your certificate as close to the root level of the system as possible as opposed to user-level configuration. So it would be worth applying that to your emulator and trying again.

Do you have a link for the guide you used to configure your proxy settings?


Post Your public answer

Your name
Your email address
Answer