Tuesday, December 13, 2016

ANDROID PT / Traffic Interception over HTTP and HTTPS


- Layout for this exercise:

- Connecting Santoku to Nexus 5:


- Clicking Settings on the Nexus 5 device:

- Going to the Wi-Fi connection:

- Modifying the connection:

- Showing advanced options:

- Enabling Proxy manually:

- Entering Santoku's IP ( and port 8080:

- Starting the Burp suite at Santoku:

- Configuring Options for Burp:

- Editing for listening on all interfaces:

- Editing the listening rules:

- With interception enabled (on), the Burp proxy is now ready to read all traffic originating from the Nexus 5 device:

- To check that the Burp proxy works correctly, let's install an application like Any.DO, which sends data to a web server over HTTP:

- Starting Any.DO:

- Signing in to the application:

- The interception is successful, because Burp displays both the username and password of the sign-in process:


- For the purpose of intercepting an HTTPS connection a certificate is needed.

- Going to http://burp, there is a tab for downloading the CA Certificate:

- Downloading the CA certificate:

- Going to Settings -> Security:

- When trying to install the certificate, there is a cacert.der file in the Downloads folder.

- However, Android needs a different file extension (.crt, not .der) to accept the certificate for installation:

- Going to Santoku, and accessing the Download folder of external storage:

- To make the certificate readable by Android, just renaming the file extension is enough, from cacert.der to cacert.crt:

- Now, going back to Nexus 5, the cacert.crt file is available to be installed:

- Giving a name to the certificate:

- When trying to perform the installation, a pattern, PIN or password is required:

- Picking up the PIN option:

- Choosing a PIN:

- Finally, the certificate is installed:

- Going to Trusted credentials (installed by USER), the certificate is available:
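The rename step above works because the downloaded file is already DER-encoded X.509; the .crt extension only tells the Android certificate installer what to do with it. Before pushing a CA file to a test device it is worth checking that it really is well-formed DER and, for tooling such as openssl that prefers PEM, producing a PEM copy. The script below is an added example written for this page, not code from the original post or from Burp; it parses only the outer DER SEQUENCE framing (tag and length) rather than the full certificate, and the sample bytes in the test are a constructed stand-in for a real certificate. Paths and function names are hypothetical.

```python
"""Sanity-check a downloaded CA file (e.g. Burp's cacert.der) and write a PEM copy.

Usage: python ca_check.py cacert.der cacert.crt
"""
import base64
import re
import sys
from pathlib import Path

# PEM block for a certificate; DOTALL so the base64 body may span lines.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def der_outer_length(data: bytes):
    """Return (header_len, content_len) of the outer DER SEQUENCE.

    An X.509 certificate is a SEQUENCE (tag 0x30). The length is either
    short form (< 0x80) or long form (0x80 | n, followed by n length bytes).
    Raises ValueError if the framing is not DER-like.
    """
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (expected leading tag 0x30)")
    first = data[1]
    if first < 0x80:
        return 2, first
    n = first & 0x7F
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("bad DER long-form length encoding")
    return 2 + n, int.from_bytes(data[2:2 + n], "big")


def detect_format(data: bytes) -> str:
    """Return 'pem' or 'der'; raise ValueError if the file is neither."""
    if PEM_RE.search(data):
        return "pem"
    hdr, content = der_outer_length(data)
    if hdr + content != len(data):
        raise ValueError(
            f"DER length mismatch: header says {hdr + content} bytes, "
            f"file has {len(data)}"
        )
    return "der"


def pem_to_der(pem: bytes) -> bytes:
    """Extract and decode the first CERTIFICATE block of a PEM file."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(re.sub(rb"\s", b"", m.group(1)))


def to_pem(data: bytes) -> bytes:
    """Return PEM bytes for DER or PEM input (PEM input is returned unchanged)."""
    if detect_format(data) == "pem":
        return data
    b64 = base64.b64encode(data)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")


def convert_file(src: str, dst: str) -> str:
    """Validate src, write a PEM copy to dst, and return the detected input format."""
    data = Path(src).read_bytes()
    fmt = detect_format(data)
    pem = to_pem(data)
    # Round-trip check: the PEM we write must decode back to the original DER.
    original_der = data if fmt == "der" else pem_to_der(data)
    if pem_to_der(pem) != original_der:
        raise ValueError("round-trip mismatch after conversion")
    Path(dst).write_bytes(pem)
    return fmt


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(__doc__)
    print(f"input was {convert_file(sys.argv[1], sys.argv[2])}; PEM written to {sys.argv[2]}")
```

The length check catches the most common problem with a downloaded CA file, a truncated or HTML-error-page download, which the Android installer would otherwise reject with an unhelpful message. Keeping a PEM copy alongside the .crt lets you inspect the certificate on Santoku with `openssl x509 -in cacert.pem -noout -text` before trusting it on the device.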

- Now, connecting to a website over an HTTPS connection:

- Burp detects the HTTPS connection:

- Checking the details of the HTTPS connection by clicking the lock icon before the URL:

- Viewing the certificate: