Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp with VPN in mobile.

Dhaval | Last updated: Jul 06, 2018 10:21AM UTC

My android application works when it is connected to VPN only, I have installed VPN in my mobile and now my application is working fine. But problem is burp is not able to intercept request when mobile is connecting to VPN, what configuration I am not doing correctly ? This question has been asked by many users, strange that Burp support team is not responding properly.

PortSwigger Agent | Last updated: Jul 06, 2018 10:56AM UTC

Hi Dhaval, Intercepting an application like this is usually possible, but it is an advanced topic so you should expect to do some experimenting and encounter some issues. First of all, install the VPN on the laptop that is running Burp. Remove the VPN from the android device. Then configure the android device to proxy through Burp. Check that you are able to access websites like http://example.com/ When that's all working, start the application on the android handset and it should proxy through Burp. If this isn't working, there are a number of things that could be going wrong. Your first step would be to use Wireshark to investigate the network traffic in more detail.

Burp User | Last updated: Jul 10, 2018 08:26AM UTC

Its not helping, Kindly provide some other workaround. :(

PortSwigger Agent | Last updated: Jul 10, 2018 09:09AM UTC

Hi Dhaval, How far did you get? Did you get some Wireshark captures of the app's network traffic?

Burp User | Last updated: Jul 10, 2018 01:46PM UTC

Once VPN is connected Burp suite is not able to intercept.

PortSwigger Agent | Last updated: Jul 10, 2018 01:56PM UTC

Hi, Can I just check: are you able to visit http://example.com/ on your mobile browser, and see the request in Burp? If not - you need to sort that before attempting this app. Are you sure you're picking up the mobile traffic with Wireshark? If you are, it sounds like the app is not going through a proxy. You should configure the proxy to be your computer, with the port Burp is using (default 8080). If the app does not use the proxy setting you may need to use this technique: - https://support.portswigger.net/customer/portal/articles/2899081-using-burp-s-invisible-proxy-settings-to-test-a-non-proxy-aware-thick-client-application

Burp User | Last updated: Jul 10, 2018 01:57PM UTC

While using Wireshark I have got one destination IP, Source is my own IP and destination is another IP, Should I use that Destination IP in mobile to configure ? If yes then what port I will be giving ?

Burp User | Last updated: Jul 10, 2018 02:41PM UTC

Paul, I am doing below things as of now : VPN address is fw01.vpn.********.com I am connected to this VPN in my PC, same PC is having burp suite. Now please tell me what IP I need to pass while configuring in Burp and what IP I need to pass in my mobile to connect it to BURP SUITE. I hope you are getting which setting I am talking about.

Burp User | Last updated: Jul 10, 2018 02:50PM UTC

I guess burp is failing to work while VPN is connected, As I am not seeing much help on this topic over internet as well. All answers are hit and trial only. Its confusing which URL and port to pass in burp suite and mobile to make it working when VPN is connected.

PortSwigger Agent | Last updated: Jul 11, 2018 08:53AM UTC

Hi Dhaval, The answers are hit and trial because this is an advanced topic and depends very much on your particular environment. You should build up more experience intercepting easier apps before attempting this. You have not answered whether you can browse http://example.com/ on your handset and monitor the traffic in Burp. That is an essential requirement. You should not need to enter any IP into Burp. What should happen is that the app makes an HTTP request, which is proxied through Burp. This request contains the host name of the destination. Burp will resolve this and forward the traffic.

Liam, PortSwigger Agent | Last updated: Jul 18, 2018 01:14PM UTC

Hi Dhaval Could you tell us which VPN software you are using? We're going to try to reproduce the process and hopefully create a step-by-step tutorial article.

Burp User | Last updated: Aug 02, 2018 01:55PM UTC

Hi Paul I am also facing the same problem. My Android app is accessible over VPN on mobile only. If VPN is connected in base machine then also App will not work. App will only work if VPN is connected on mobile. But then issue is how to intercept the traffice, if VPN is connected on mobile. If VPN is not connected in mobile then I am able to intercept request in BurpSuite. Please help me also with this issue. Thanks.

Liam, PortSwigger Agent | Last updated: Aug 03, 2018 09:50AM UTC

Deep, can you browse http://example.com/ on your handset and monitor the traffic in Burp? Which VPN software are you using?

Burp User | Last updated: Apr 04, 2019 04:38AM UTC

I am able to connect to https://www.google.com in the mobile but the app fails to connect in the VPN setup

Liam, PortSwigger Agent | Last updated: Apr 04, 2019 01:34PM UTC

Do you have the VPN software installed on your mobile device?

Burp User | Last updated: Aug 20, 2019 10:26AM UTC

Of course it is possible, I am located in F China and have to using obfusted traffic to connect to proxy server out of GFW, you just need to configure VPN to process all of the traffic of your PC, then you don't need to f about disgusting thing like port forwarding and windows or firewall, in my opinions.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.