Configuring Burp Suite Mobile Assistant

Having installed Burp Suite Mobile Assistant on your device, the next step is to add your target application to the injected apps list. An app will be injected with a certificate pinning bypass if it matches at least one of the entries in the injected apps list.

 

When an app uses certificate pinning, a connection with the remote server will only be established if the server can prove its identity by means of a certificate that matches the app's expectations.

 

Burp Suite Mobile Assistant can be launched just like any other app on your device. Simply tap the app's icon to get started.

 

Tap the "Add injected app" button.

 

The add menu shows a list of user and system apps, which can be individually selected to be injected.

You can use the filter bar to search for a specific app.

Items can be added to the injected apps list with a single tap on the specific app.

 

The item will then appear in the injected apps list.

You can individually enable or disable entries in the injected apps list. Various checks are performed when an item is enabled, and items will be automatically disabled if an error occurs.

Note: Enabling an injection doesn't make it take effect immediately. Injection is performed at the time that an app is launched. Hence, an app will need to be restarted if it was already running when it was enabled in the injected apps list. If an app has been successfully injected, a dialog will appear when the app is launched.

 

Ensure the application is enabled.

 

When you reload the app, you should see a pop-up informing you that the injection has been successful.