Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Intercepting data on Android Device

Joshua | Last updated: Jul 04, 2018 08:33PM UTC

Hello, I am still struggling to troubleshoot the issue I was facing earlier. I am trying to use Burp Suite to see my network traffic on my mobile device however when I connect it I can see the request in the Burp Suite however my phone will not connect to any web pages including HTTP or HTTPS. In the "Alerts" tab I have the following error: The client failed to negotiate an SSL connection to (website):443 Received fatal alert: certificate_unknown I have downloaded the cacert on the device, renamed it to cacert.cer and installed however this didn't help. Earlier on it I was told to check out this article: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/ Unfortunately I was unable to rename the cacert to the appropriate subject_hash. I kept receiving the follow error with OPENSSL: OpenSSL> x509 -inform PEM -subject_hash_old -in cacert.pem |head -1 x509: Unknown parameter |head x509: Use -help for summary. error in x509 Any further help would be much appreciated and to clarify, I have tested this on Android 5, 6 and 7. It implies that troubleshooting guide is Android Nougat (7) only too, is this correct? Thanks in advance.

Liam, PortSwigger Agent | Last updated: Jul 05, 2018 07:26AM UTC

Has this issue also been resolved Joshua? If you could provide details of your solution, that would be of great benefit to other users.

Burp User | Last updated: Jul 05, 2018 04:35PM UTC

Unfortunate not. Whilst I have been able to semi-successfully connect my Android 5 mobile phone. I can only see some data and I still cannot access the internet on my mobile device. I cannot cannot to any website on the device including both HTTP or HTTPS.

PortSwigger Agent | Last updated: Jul 06, 2018 09:22AM UTC

Hi Joshua, Thanks for following up. Firstly we should investigate the HTTP problem. For this to work: 1) Run Burp on a computer, with the Proxy Listener configured to listen on all interfaces. You must also make sure a host firewall is not blocking connections. 2) Connect the Android device to the same network. You must make sure a wireless network allows peer-to-peer connections. 3) Configure the device to use Burp as a proxy. There are instruction here: - https://support.portswigger.net/customer/portal/articles/1841101-Mobile%20Set-up_Android%20Device.html 4) Check this is working by visiting http://example.com/ Let me know how far you get. Once HTTP is working we can look at installing the SSL certificate to allow HTTPS interception.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.