1. Sniffing HTTP/HTTPS Traffic of Android App on Non-Rooted phone.

While performing an Android pen-test, you also need to check what data the Android app is sending to the back-end server. You might be interested not just in viewing, but also in manipulating the ongoing communication between the mobile app and the server, or sometimes an IoT device. For this you need an HTTP proxy running on your laptop, where you can read as well as modify the HTTP/HTTPS traffic.

The setup requires the following:

  1. HTTP/S proxy tool (Burp Suite / ZAP etc.) running on your laptop
  2. Mobile and laptop connected to the same WiFi
  3. Mobile device running Android 6.0 (i.e. Marshmallow) or older (for devices newer than Marshmallow, refer – )

Step:1 Adding Proxy Details to forward data from Mobile

To start, identify the IP address of the laptop. Then, on the mobile, go to Settings > WiFi, long-press your connected WiFi network and find Advanced options. Expand Advanced options to see the Proxy setting and choose Manual. You will be asked for an IP: enter the IP address of the laptop, and keep the port number as 8080 (you can use another port if 8080 is already occupied by something else).
Save all these settings.

Step:2 Starting Proxy Listener within Laptop

Launch Burp Suite (or ZAP or any other proxy tool) and go to the Proxy tab, then the Options subtab. Select the listening interface and click Edit. In the pop-up, keep port 8080 (or the port you chose in Step 1) and select All Interface for the Bind to Address option. Click OK. The Alerts tab will report that the proxy started on *.8080. Additionally, you can enable Intercept server response; this is not mandatory.

By now, if your app uses only HTTP, you will be able to intercept everything. If it uses HTTPS, however, the Alerts tab of Burp will show an SSL handshake failure saying that the client failed to negotiate an SSL connection – fatal alert: certificate unknown. Hence, to intercept HTTPS, we need to install the Burp certificate so that the MITM succeeds.

Step:3 Adding SSL/TLS Certificate to intercept HTTPS

Open the browser, go to http://burp and download the Burp certificate from the web interface shown there. Using any file explorer, rename the downloaded certificate to anyFileName.cer (only the .cer extension matters, so that the certificate store recognizes it; you can name the file anything). Now go to Security Settings > Install Certificate from SD Card and choose the .cer file you just renamed. Give the certificate installation any name of your choice, leave everything else at its default, and save; you will be told that it was installed successfully. (You might be asked to set a PIN if you haven't already.) (Alternatively, you can export the certificate from Burp proxy and then copy it to the mobile device over USB or share it via email.)

That's all. Now you will also be able to capture HTTPS data from the app, unless the app uses SSL pinning. If you are using a device running Android 7.0 or higher, read – intercepting HTTPS on Android 7.0 Nougat or newer.
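A quick check for Steps 1 and 2, added here as an example and not part of the original tutorial: run on the laptop, it reports the address to enter on the phone and whether the proxy port answers on that address or only on loopback. The function names are this example's own, and port 8080 is the value used in the steps above.

```python
import socket

def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def lan_ip():
    """Best-effort address of the interface used for outbound traffic.
    connect() on a UDP socket only selects a route; no packet is sent."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1, a documentation-only address
        return s.getsockname()[0]
    except OSError:
        return None  # no usable route, e.g. WiFi is disconnected
    finally:
        s.close()

def diagnose(lan_addr, port=8080):
    """Classify the listener state as the phone will experience it."""
    if lan_addr is not None and port_open(lan_addr, port):
        # Bound to all interfaces (or to the LAN address). A host firewall
        # can still block the phone; this only proves the bind is right.
        return "reachable"
    if port_open("127.0.0.1", port):
        # Listener is bound to loopback only: the phone's connections
        # will be refused until Bind to Address is changed.
        return "loopback-only"
    return "not-listening"

if __name__ == "__main__":
    addr = lan_ip()
    print(f"enter this IP in the phone's proxy settings: {addr}")
    print(f"listener on port 8080: {diagnose(addr, 8080)}")
```

While the listener is bound to all interfaces, any host on the same WiFi can use the proxy, so switch it back to loopback once the test session ends.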
