Facebook,Messenger, Instagram traffic interept problem.
I am having a problem with intercepting traffic of facebook app, messenger app, instagram app from android mobile.
It is intercepting all other HTTP/HTTPS traffic other than these above apps in my android app.
Showing an error that unable to connect to the network.
Help me out of it.
Thanks for your message.
It’s possible that the native apps are not using the CA certificate that you have installed on the device. Some native apps use their own certificate trust store, and some implement certificate pinning to only trust specific server-side certificates. In this situation, breaking the SSL tunnel is non-trivial and may entail jailbreaking the device or using some other advanced tools / anti-cert-pinning tool on the device itself.
One of our users created a short video on the process:
In the video they go over how to setup Android with ProxyDroid and FS Cert Installer to push HTTPS App traffic to Burp Suite.
They also provided these basic instructions.
Burp Suite Host:
• Reset burp suite
• Turn on listen to all interfaces
• Remove all User Certs
• Stop task and remove data for ProxyDroid and FS Cert installer ( you can just uninstall reinstall )
• Put the phone in airplane mode then turn on WIFI
• In FS Cert put in proxy IP and PORT then click the middle button Add CA and add it under WIFI Cert in the dropdown
• Then click test chain and it should all be green yes for www.google.com
• For Proxydroid just put in the IP and port and also tunnel DNS
• Kill or reinstall any apps before you start to make sure they go through the proxy properly
Please let us know if you need any further assistance.
You could try using the NoPE extension:
The Facebook app uses certificate pinning in custom code. Unfortunately, it is not easy to bypass this – even tools like SSL Trust Killer won’t work.
You would need to modify the code within the app to remove the pinning checks, which is certainly possible in theory – but a major undertaking.