Burp Suite User Forum

Could not intercept mobile application which is hosted behind Cloudflare

Saravana | Last updated: Sep 14, 2018 06:24AM UTC

I am trying hard to intercept the traffic of one particular mobile application which is hosted in Cloudflare. For other mobile applications and the mobile browser, it works fine. I have done the proper Burp certificate installation and proxy configuration. Let me know if anyone has come across issues like this.

Liam, PortSwigger Agent | Last updated: Sep 14, 2018 06:57AM UTC

Thanks for your message Saravana. What seems to be the issue with intercepting traffic from your device? Are you seeing any error messages?

Burp User | Last updated: Sep 18, 2018 09:49AM UTC

I could not capture traffic from our application. I am using the latest version of Burp Suite Pro.

Liam, PortSwigger Agent | Last updated: Sep 18, 2018 10:00AM UTC

Are you seeing any error messages? Have you tried using Wireshark to take a look at what is happening to the traffic?

Burp User | Last updated: Sep 19, 2018 03:34AM UTC

Yeah, I can see error messages in the Alerts tab. The error message is below: "The client failed to negotiate an SSL connection to XX.XXX.XXX:443: Received fatal alert: certificate_unknown"

Burp User | Last updated: Sep 19, 2018 07:17AM UTC

FYI: I am using a OnePlus mobile with Android version 8 (Oreo) for testing.

Liam, PortSwigger Agent | Last updated: Sep 19, 2018 07:22AM UTC

Since Android Nougat, Android no longer trusts user- or admin-supplied CA certificates. We recommend that you use an older version of Android for your testing. If you must use Android Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator. Please let us know if you need any further assistance.
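An added example, not part of the original thread: a small check of whether an app's TLS connections to a given host will accept a user-installed CA such as the Burp certificate, following Android's documented Network Security Config rules (apps targeting API 23 or lower trust system and user CAs by default; apps targeting API 24 or higher trust only system CAs unless the config says otherwise). The function names, the sample XML and the host names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample res/xml/network_security_config.xml (not from any real app).
SAMPLE = """<network-security-config>
  <base-config><trust-anchors><certificates src="system"/></trust-anchors></base-config>
  <domain-config>
    <domain includeSubdomains="true">example.test</domain>
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </domain-config>
  <debug-overrides><trust-anchors><certificates src="user"/></trust-anchors></debug-overrides>
</network-security-config>"""

def _anchors(node):
    """Set of <certificates src> values under node, or None if it declares no <trust-anchors>."""
    ta = node.find("trust-anchors") if node is not None else None
    return None if ta is None else {c.get("src") for c in ta.findall("certificates")}

def _match_domain(root, host):
    """Most specific <domain-config> covering host (nested-config inheritance is not modelled)."""
    best, best_len = None, -1
    for dc in root.iter("domain-config"):
        for d in dc.findall("domain"):
            name = (d.text or "").strip().lower()
            sub = d.get("includeSubdomains") == "true"
            if (host == name or (sub and host.endswith("." + name))) and len(name) > best_len:
                best, best_len = dc, len(name)
    return best

def trusts_user_cas(config_xml, target_sdk, host, debuggable=False):
    """True if a user-installed CA is a trust anchor for TLS connections to host."""
    # Platform default depends on the app's targetSdkVersion.
    default = {"system", "user"} if target_sdk <= 23 else {"system"}
    if not config_xml:
        return "user" in default
    root = ET.fromstring(config_xml)
    anchors = _anchors(_match_domain(root, host.lower()))
    if anchors is None:                      # no matching domain-config: use base-config
        anchors = _anchors(root.find("base-config"))
    if anchors is None:                      # no base-config anchors: platform default
        anchors = default
    if debuggable:                           # debug-overrides add anchors in debuggable builds
        anchors = anchors | (_anchors(root.find("debug-overrides")) or set())
    return "user" in anchors

if __name__ == "__main__":
    for host in ("api.example.test", "other.test"):
        print(host, trusts_user_cas(SAMPLE, 26, host))
```

A `False` result for the host under test is consistent with the `certificate_unknown` alert shown in Burp; certificate pinning inside the app is a separate control that this check does not cover.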
