Intercepting Android version 8.1 HTTPS Traffic

Spencer Feb 19, 2018 12:57AM UTC

Hi there,

I have a rooted Nexus 5x (Magisk rooted) with Android 8.1 installed. I have been trying to intercept traffic with Burp but I'm running into problems that I have never had before.

There are only a few HTTPS requests that I can seem to intercept. Both in Firefox and Chrome, I get a "certificate untrusted" error in one form or another and I can't connect to HTTPS websites. I've tried having the Burp CA installed as a User Certificate for VPN/Apps, for WiFi, and for both. None changed anything. I also tried moving the User Certificate into the System Certificates folder and I'm still running into the same issues.

I'm listening on my computer on its own IP and an unused port, then putting the phone in airplane mode and turning wifi on, then setting the proxy settings.

Burp will intercept some traffic, but most fails SSL validation, even traffic in my browser which surprises me.

I've tried installing SSL Unpinner from Xposed framework, doesn't change anything. I tried Inspeckage from Xposed and it fails to hook any activity. The only thing I can think of that I haven't tried is Frida Framework, but it doesn't seem to be compatible with Android 8.1 from what I can tell.

If anyone has any ideas that would be very helpful! Thank you!


Liam Tai-Hogan Feb 19, 2018 04:07PM UTC Support Center agent

Android have changed how they handle trusted certificate authorities (CAs):

- https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

We haven’t performed testing on this OS, however, there are some examples online:

- https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/

- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/bypassing-androids-network-security-configuration/

Please let us know if you need any further assistance.


Alok Jain Jul 11, 2018 04:33AM UTC
Please provide an alternative to intercept HTTPS traffic of Android devices v7+.

Also, request you to please mention detailed tutorial for other readers also.

Paul Johnston Jul 11, 2018 07:25AM UTC Support Center agent

Hi Alok,

The tutorial that users have most success with is this one:

- https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

Just to be clear, Burp does not provide a “point and click” method to intercept these devices – this is an advanced topic where testers will need to manually configure the environment.


Shathish Ramraj Sep 14, 2018 06:44AM UTC
Could you please guide me to intercept the traffic of Android 8.1 Oreo without root.

Liam Tai-Hogan Sep 14, 2018 06:57AM UTC Support Center agent

Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. We recommend that you use an older version of Android for your testing. If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator.

Please let us know if you need any further assistance.


Bidyut Mondal Mar 21, 2019 04:45PM UTC
The steps mentioned in the URL below:

https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

work very well with my rooted Samsung Galaxy S8 device and now I'm able to intercept all traffic from my Android 8.0.0. The only change I suggest is that you make your proxy listener on "All Interfaces" at Burp Suite and don't forget to use the command below.

chmod 644 /system/etc/security/cacerts/<cert>.0

as without that your setup may not work.

Thanks.
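
A check for the file name and permission requirement mentioned in the post above, as an added example that is not part of the thread. The function names are assumptions made for this example; the default directory is the path from the post, and the script reports on every entry so that a wrong mode or a file copied in under its original name is caught before testing starts.

```shell
#!/bin/sh
# Added example: audit a CA store directory for the two things the post's
# command depends on: a <hash>.N file name and mode 644.
# check_cacert and audit_cacerts are names invented for this example.
# Usage (e.g. in a root shell on the device): audit_cacerts [DIR]

CACERTS_DIR="${CACERTS_DIR:-/system/etc/security/cacerts}"

# check_cacert FILE: prints a verdict, returns 0 only if name and mode are fine.
check_cacert() {
    f="$1"
    name=$(basename "$f")
    if [ ! -f "$f" ]; then
        echo "MISSING  $name"; return 2
    fi
    # System store entries are named <8 hex digits>.<index>,
    # which is the "<cert>.0" form used in the post.
    case "$name" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) ;;
        *) echo "BADNAME  $name"; return 3 ;;
    esac
    mode=$(stat -c '%a' "$f") || return 4
    if [ "$mode" != "644" ]; then
        echo "BADMODE  $name ($mode, expected 644)"; return 5
    fi
    echo "OK       $name"
    return 0
}

# audit_cacerts [DIR]: checks every entry and prints the number that failed.
audit_cacerts() {
    dir="${1:-$CACERTS_DIR}"
    bad=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        check_cacert "$f" >/dev/null || bad=$((bad + 1))
    done
    echo "$bad"
}
```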
