Configuring an Android Device to Work With Burp

To test web applications using an Android device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.

Configure the Burp Proxy listener

In Burp, go to the “Proxy” tab and then the “Options” tab.

In the “Proxy Listeners" section, click the “Add” button.

 

In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.

Then select the “All interfaces” option, and click "OK".

Note: You could alternatively edit the existing default proxy listener to listen on all interfaces. However, using different listeners for desktop and mobile devices enables you to filter these in the Proxy history view.

 

The Proxy listener should now be configured and running.

 

Configure your device to use the proxy

In your Android device, go to the“Settings” menu.

 

If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.

 

In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.

 

Tap "Connect".

If you have configured a password, enter it and continue.

 

Once you are connected hold down on the network button to bring up the context menu.

Tap “Modify network config”.

 

Ensure that the “Show advanced options” box is ticked.

 

Change the “Proxy settings” to “Manual” by tapping the button.

 

Then enter the IP of the computer running Burp into the “Proxy hostname”.

Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.

Tap "Save".

 

Test the configuration

In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).

 

Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)

 

The request should be intercepted in Burp.

Note: On some Android emulators you will need to add the proxy details from the emulator settings menu rather than the native Network / Wifi settings on the emulated device.