Burp Suite User Forum

Restrict interception only on a particular app (Android)

Anne | Last updated: Aug 14, 2018 11:18AM UTC

Hi there,

I'm new to Burp and want to intercept HTTP & HTTPS requests only from specific Android apps for testing purposes. I configured Burp Suite Community Edition (v1.7.36) for proxy usage (I added a proxy listener as described in the manual) and I also configured my Android device as described in the manual (it's a Samsung Galaxy S5 with Android 6.0.1, SDK 23).

I get a connection and all incoming and outgoing traffic from this device and from all installed apps which are active at the moment and have internet traffic. The traffic is displayed in the HTTP history tab. I also activated the option "automatically add entries on client ssl negotiation failure" in the "SSL Pass Through" settings under "Proxy/Options", so URLs/apps which are using "okhttp" are now also shown in this HTTP history table. All fine.

But how can I restrict the interception to a particular Android app only? I don't want to see any traffic of the operating system or from other apps which might be active in the background. Is this possible in any way? And if so, how can I achieve this?

Please note that I'm really new to this and maybe don't understand everything. Thank you very much in advance.

Best regards,
Anne

Liam, PortSwigger Agent | Last updated: Aug 14, 2018 11:36AM UTC

You can use Burp's scope settings to define exactly what is in the scope of your instance of Burp:

- https://portswigger.net/burp/help/target_scope

Additionally, you can use Burp's Proxy Options to prevent Burp from logging any requests to the Proxy history or the Target site map:

- https://portswigger.net/burp/help/proxy_options#misc

Please let us know if you need any further assistance.

Burp User | Last updated: Aug 14, 2018 12:29PM UTC

Thank you very much for your fast reply, Liam. I read your linked manual about target scopes. It's interesting, but how can I do this with apps which have traffic to more than just one URL, which I probably don't even know? Couldn't I just scope the Android app package and intercept all outgoing or incoming traffic from this app package? Or could that package name be used as a URL in scope?

Liam, PortSwigger Agent | Last updated: Aug 14, 2018 12:31PM UTC

What do you mean by "has traffic to more than just one URL"? Could you provide an example?

Burp User | Last updated: Aug 14, 2018 01:18PM UTC

I don't know, maybe I misunderstood the meaning of URL in that context... But in my opinion, an app doesn't target only one single domain/URL. Many apps have advertising in them, which produces much traffic to different URLs, or the apps reference some external URLs, or they include some data via CDN or cloud computing and use different URLs, and so on. I want to be able to intercept this behavior for testing purposes. I want to discover all outgoing or incoming traffic of a particular app which I want to test. Is this possible with Burp?

Liam, PortSwigger Agent | Last updated: Aug 14, 2018 01:19PM UTC

If you want to see all of the traffic generated by your browser, scope rules may not be the best option. You could try using the Filter > Filter by search term > Negative search function to remove OS / other application traffic you can't disable. When you use the "Negative search" option, then only items not matching the search term will be shown:

- https://portswigger.net/burp/help/proxy_history#filter

Burp User | Last updated: Aug 14, 2018 02:07PM UTC

But how can I know that the app I want to test doesn't initiate that URL connection/traffic? Is there no possibility to filter by the package name of the focused app? Maybe the app I want to test doesn't even have any internet traffic, but during testing Burp gets traffic data and I don't know if this traffic is related to this app or another.

Liam, PortSwigger Agent | Last updated: Aug 14, 2018 02:09PM UTC

If you're concerned that the app is initiating connections, you would need to review this manually. Burp doesn't have a feature to perform this functionality.

Burp User | Last updated: Aug 15, 2018 04:01PM UTC

Ok, thank you anyway for your advice.
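
One way to do the manual review mentioned above, shown as an added example that is not part of the original thread and not a Burp feature: Android gives each app its own Linux UID, and the kernel's `/proc/net/tcp` table records the owning UID of every IPv4 socket. Because the device's proxy setting points every app at Burp, the remote address of each proxied socket is the Burp listener rather than the destination, so this shows which UIDs are talking through the proxy, not which URL they requested. The sample table, the addresses, the UIDs and the listener at 192.168.1.50:8080 are constructed assumptions; `/proc/net/tcp6` is not handled.

```python
import socket
import struct

# Constructed sample of /proc/net/tcp from a test device (not real data).
# Device is 192.168.1.23; the Burp listener is assumed at 192.168.1.50:8080.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 1701A8C0:9C40 3201A8C0:1F90 01 00000000:00000000 00:00000000 00000000 10123        0 22222
   2: 1701A8C0:9C42 3201A8C0:1F90 01 00000000:00000000 00:00000000 00000000 10123        0 22223
   3: 1701A8C0:C738 3201A8C0:1F90 01 00000000:00000000 00:00000000 00000000 10045        0 33333
"""

ESTABLISHED = 0x01  # TCP state code used by the kernel table


def _decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian kernel format) into (ip, port)."""
    hex_ip, hex_port = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_proc_net_tcp(text):
    """Yield one dict per socket row; skips the header and malformed rows."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        yield {"local": _decode(f[1]), "remote": _decode(f[2]),
               "state": int(f[3], 16), "uid": int(f[7])}


def proxy_sockets_by_uid(text, proxy_ip, proxy_port):
    """Map owning UID -> sorted local ports of established sockets to the proxy."""
    result = {}
    for s in parse_proc_net_tcp(text):
        if s["state"] == ESTABLISHED and s["remote"] == (proxy_ip, proxy_port):
            result.setdefault(s["uid"], []).append(s["local"][1])
    return {uid: sorted(ports) for uid, ports in result.items()}


if __name__ == "__main__":
    for uid, ports in proxy_sockets_by_uid(SAMPLE, "192.168.1.50", 8080).items():
        print(f"uid {uid}: {len(ports)} connection(s) via proxy, local ports {ports}")
```

If the UID of the app under test never appears in the result while traffic shows up in the HTTP history, that traffic came from another app or the OS.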
