TRAFFIC INTERCEPTION OVER HTTP AND HTTPS
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrYamkEx0tzfPWOZ90U9qf711lYaxLx18jb4xDA4sVVNYiHD7z2fAa2lGGn6Jxf48kV_DY1sRa6jHdQWUPaVfbEQpA478FoCuM4VhKwSEAtw1fFePo-MKJQdhgODlmRecB3uUzqXbzYeUS/s1600/screenshot.1.jpg)
- Connecting Santoku to Nexus 5:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGnpxShkI40GLYfZbP9aTIVtTH8VBrxfR2vyTHjADOxpr2rQ4A8EI0v8-m98PtyxCyCZRCFQnWnZxGJ2h-fQh-J3MEDovbUbRQEdtBNhdOKt5DsMAs83j2EdjIKAdrdeRdw95WUzH70hmX/s1600/screenshot.6.jpg)
1 - INTERCEPTION OVER HTTP
- Clicking Settings on the Nexus 5 device:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsBDfvS90lvWyVtms-2yJt6CuduvzMHCPNYQBBXT50knCgpmLZOLthzIz8_dxPCeSbDn9MG_Bxy2EG3h_ogQQB3VY5-5QPW1kMNVEVH36BfjUJ551GtfKeeptvoaKBYpEtXxtnfQswAMMq/s400/screenshot.9.jpg)
- Going to the Wi-Fi connection:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFQpQXwGwp1ia_tJE6GkirdBNp0Fp3Yjcp3alkNG7Bimebn5TQzN1W9e8Y0nZE_-8oiaQNoDTPGEo5H88OwJ-IbLuIRfQ3KZPk-_6WbjmRlky4W1MTjIASCH7mj4AHnkN1Zn3ORFYnkLHU/s1600/screenshot.10.jpg)
- Modifying the connection:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZaSxcS3qBaxgzLIomF7RGRa9uWVQgErEGdoeknBw7L8PDEOPdZFqTjLNkJhaTtMFfijf0yG-Q_RiglvuJiADXlT4zWPmzQe878YuZIiegJmBZ7IhGQG8TJJJhHGxVRpQLbo3FScTrJv4p/s1600/screenshot.11.jpg)
- Showing advanced options:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWQk_VaEaj3k9pmJAWRDLuS0bH7nuA_KVoDNTDtEJrE3IYULBiggfzWictWpKE4wUKFPuk2AJvwDNgUkrBPg0kND8_YNI2zcFCoCjt5V_VoRdSYclTvIipjX_y8G2Cp13j2IjWcjT8hKBz/s1600/screenshot.12.jpg)
- Enabling Proxy manually:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgw6Q2dQflh6ihyxlzI4qHSrHmjMkAGyQkXwJjSQ4mO8oN9YcJhfaCGS8yrk3xiBWGzvz4jzsaHDAQfNEn4o4CB8GqRWGrRtl6GdC9XNe3egTVZtax17GK0Ojuby0E5mH76RnqBKAIpnKya/s1600/screenshot.13.jpg)
- Entering Santoku's IP (192.168.1.12) and port 8080:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf1aHQB2h8YbWKcO6vckEAfuIbNX9RuH7bfvauQlenJD-gKapQCzTL3mxcP1jYrksvSWFUwodskEOf9kEjNIIKwFKD0pBcu__jXXC6wjq1I8kWQH9m_XwL6XPIuPFGNvjhNmQ9JuTUK71w/s1600/screenshot.14.jpg)
- Starting Burp Suite on Santoku:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPk04e0HNAe_UKDIq7kh34iOfr3Sbh_wurywBEtNebd3I4DqRh3AwIjI4PogoYQjw4nUClRcj4Sd6IZNW4swK55FpeiYtP41pCsc8Tp8_GN2mOsN8A3fOgO7zT9UaXBVJnvwv-LJUJJR5P/s400/screenshot.19.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXUbHd4vsXWyx9gW1-WByjaZ8ZNTpgrUp7x2r2hXhBm7a3_y9Q2EAeGtq9PwO1KBD6feVUUrWyVNKd0JZqwOZByLzoey7v_JgkaeSdbR0lH8BgWcG11zdrSOETgujhf_BxsZHKOwoeAtR9/s400/screenshot.45.jpg)
- Configuring Options for Burp:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFYp60M44mB1QitLoolORcnGmNZudU7SCYG14JfMLbVEQ7oPU3PU6knbsjqF_2VQE86Lnsd2zeVq-7dJwvAfJVXA5Hj6xBuGLBUwVWNnPFCxRpqSJBpT3_0_03Ec5IofPufikV1XctfMmi/s1600/screenshot.15.jpg)
- Editing for listening on all interfaces:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKWr-FdqwEN17MbPYkCtLbWzBjKj6yKqQkfthzI8tWzoMzwqFzwrbPHWwbwN766k46pFBBLWW_PL5x4cyX9ZjmAmJZ0S4USOnDDLl6leR0Bn2L-ZX4p8TBPmXpIrg6pnHFvRjb2CA4fVme/s1600/screenshot.16.jpg)
- Editing the listening rules:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRIKZ6lpjLs7CPZOfDG1UiobfPPJyguirCGQymRps8PAQ7CMR8WVzZMBvj17rXYlRwTrOERjHN0fwipqIlkYqWLnoTaiSCgO_gkjFS4WwZwsSAcX_BU4nTgMjmpSNJomXCl945Zy-Wdy-r/s1600/screenshot.17.jpg)
- With interception enabled (on), the Burp proxy is now ready to read all traffic originating from the Nexus 5 device:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB7bPlDqnXYp3zvyOZ0ofpwIEhH4HbHJKyG28DFW_-8G3zHUSw8JaKQe5yzGcD0UZUX7N0YDa_CqF1Z7ZWPJ4EYGQNMaaTw-JII67AchGHyX0e-9eA4KsTmCARsobH9LuqRv_3JrzbQ_JL/s1600/screenshot.18.jpg)
- To check that the Burp proxy works correctly, let's install an application like Any.DO, which sends data to a web server over HTTP:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8eYX2LHkQQCGgTzG5qqILIhDA7wc54ZvzKkJkyAo9Yy8AEKecYo2w_KEHg2_CBahMkHXrloG49o1wePusxFXRPitEF78ZQ5Vwr65U07Fl__hRc0Hjl6BBm3l0amTjG5U8yR0eyFixS9CF/s1600/screenshot.20.jpg)
- Starting Any.DO:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsX_QeFiFCdu2R1TopNNjhZ6HskVEYPg3X51OLWk0ajan65JOPsag4WPcUr78P3Ki1EeNXudXScIKRNZJM_ipNXxMvK7ZXCPZu0UHiGMICmfRzTjFdbRxvHTVez2x5B0swAt0TG3AawnSg/s400/screenshot.21.jpg)
- Signing in to the application:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoO9wHQbSUMjIG5goBzcC3yufDd-CDBS7FxC7QoCAp-ZSFSp-XM0nxRuVcfGR1owKxJG93Y9eJdIsjuqxOkX1NXM9UYOIfqJLfCJGUhYy_lTSQgkJBeOgwnA18p_5CvthhZkPUygEytNGU/s1600/screenshot.23.jpg)
- The interception is successful: Burp displays both the username and password of the sign-in process:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxjs1xFdCeLWfXZK3wOCtSP6ClpLgrdumA4MUOJmqtJh0a42SNJOcaIiStWwiTwXt14Poss0Hjq_jmqVIY0aj0Dvm-Hn6eNP9c1YlJzhWCb9GShVXLQBLFArAPHViRrnUii6QT6OMjTEem/s1600/screenshot.22.jpg)
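What the screenshot above demonstrates is that a form-encoded sign-in sent over plain HTTP is fully readable by anyone positioned between the device and the server, which is exactly why a proxy bound to all interfaces (as configured earlier) should only live on an isolated lab network. The following is an added example, not code from the original post or from Any.DO: it parses a raw HTTP request in the form Burp displays it and flags credential fields that crossed the wire unencrypted, so the same check can be run over exported proxy history when auditing an app. The sample request, the host `example.invalid` and the `SENSITIVE_FIELDS` list are constructed for this example.

```python
"""Flag credentials submitted over cleartext HTTP in a captured request.

Added example, not part of the original post. The request below is a
constructed stand-in for an intercepted sign-in POST; it is not the real
Any.DO traffic shown in the screenshots.
"""
from urllib.parse import parse_qs

# Form field names treated as credentials (assumption; extend as needed).
SENSITIVE_FIELDS = {"username", "user", "email", "password", "pass", "pwd", "token"}

# Constructed sample of what Burp shows for a form-encoded sign-in over HTTP.
SAMPLE_REQUEST = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 48\r\n"
    "\r\n"
    "username=alice%40example.invalid&password=s3cret"
)


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body.encode()):
        # A truncated or padded capture; do not trust the body blindly.
        raise ValueError(f"Content-Length {declared} != body size {len(body.encode())}")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def cleartext_credentials(raw: str, scheme: str = "http") -> dict:
    """Return credential fields that were sent without TLS.

    `scheme` is what the proxy saw for this request ('http' or 'https');
    only plain 'http' submissions are reported.
    """
    if scheme != "http":
        return {}
    req = parse_request(raw)
    ctype = req["headers"].get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return {}
    fields = parse_qs(req["body"], keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()
            if name.lower() in SENSITIVE_FIELDS}


if __name__ == "__main__":
    leaked = cleartext_credentials(SAMPLE_REQUEST)
    for name in leaked:
        print(f"credential field sent over cleartext HTTP: {name}")
```

The same function applied with `scheme="https"` returns nothing, which is the point of the second part of the post: once the app talks TLS, a passive observer on the network sees no fields at all, and the proxy can only read them after the device has been made to trust its CA.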
2 - INTERCEPTION OVER HTTPS
- In order to intercept an HTTPS connection, Burp's CA certificate needs to be trusted by the device.
- Going to http://burp, there is a tab for downloading the CA Certificate:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmdYZeT8ekrcC7wa8UENzEiSDRdd0-7y7wXN-iIDuAq21iV33VzZELxOEGkbn8aPX7BiP1QK_zo-Go34uP9RpTVR3i_VFZ36ys0HyG3xwT94IiN96bdZtWdCqEjCxtAh4azQC6u1zxXVAy/s1600/screenshot.26.jpg)
- Downloading the CA certificate:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirc_fLyagt2aFUfk7CnIbNPr8F-ykMQ0wukCDoFiwHu4g2kGGQYGwNzUIgKLVo2ro0LbkZd3UHF12rxAkgdWiWDOMbtgeullvGxwAnx1fCkBu_oV8rfaI7pwtaT6err5IU73jd7CP64c5S/s200/screenshot.27.jpg)
- Going to Settings -> Security:
- When trying to install the certificate, there is a cacert.der file in the Downloads folder.
- However, Android needs a different file extension (.crt, not .der) to recognise the certificate:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuHfYlE6B-MGgjSwxzNBRczIz95DuhRmdTexSraaZEQjM3FgEpVjPERE99AR_jAJOTqEnZwEKDq8KzY2pAYQJxBGnzFGjTGFfADtM8kl0nCEeI0GzShrwQLGl_Cl0qFNYJj5nlyD7Y5FS5/s400/screenshot.30.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDNdmZHcvnYQQ6RWQCg7ntMmWf46C5RYzyN02c5yHHFI62Q6bK-dkZeaY5_qHTdkhx3oTB5e63OoJNYk2EQa83yPJvGTMmTM1Oi24xZgb2ZVOzi5dCubZIWsMg_QJ413YHjQW5b_mZiLTv/s400/screenshot.31.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8T8SajKDpDR2ZI7yF63BVBFLF-s-jI2dhJGV6TN5gXlwxdrR-0heO2gDhfeZWdDEsODPSJVGZMdQY5Xfeo7acdI0-_pPi0EmzvKDaM7aIRZeNwKaMD_xQacVDquV9ZRmxeSAewwMQ6Rr8/s400/screenshot.32.jpg)
- Going to Santoku, and accessing the Download folder of external storage:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2MEhMwFkFhZh58LWnHBeEKuOMnabmp38AM3SfbriRCafRGfbPIQBpzyhWjEFfttAFb8p_JfmjRHH5GxJQQgeT5HETYyeoWw52PFstIkCGIgA45n_aLzZCYN_LfD8soqhyphenhyphenFCrqG5dwKcrw/s1600/screenshot.33.jpg)
- To make the certificate readable by Android, just renaming the file extension is enough, from cacert.der to cacert.crt:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGSnSG2vfAloWzO6hJvBy5vcWUGanRnESnoANpnjX_8lTtHHNji8fsjpP2AjdwV9LYzS_eYdwOLh_hT-DWJAk9RUQbqGF_azYR2vdaUQ02IeUUXhd1-Td9PExjmtNFloIQ-L8uA2YkKMp7/s1600/screenshot.34.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCzwjCNSrTRz6RRRP28LRIviF1p4bQWGFx_GUItsIBn5HX18-0TU_4xmZQxo4vajtrREdvgUPBQUffIfDRr0leMKfrtIQyKECPRx9iZyAnAMO5f_e7bpRdkMMYL5-n3l7TjbBhRyuuPG3p/s1600/screenshot.35.jpg)
- Now, going back to Nexus 5, the cacert.crt file is available to be installed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3rNMpQEUldr0HRavQbluF7yIZuG2a31O6P_k27jal_iGDuT8K2CYf5J9yRoad6LxCskAYYGq4hbjxRaG7YZnnRth4kvSeLxoUVmPEPaK5wS9F_-WWJcDnIXS4LcpTbEcui8tSA3W2_rbW/s1600/screenshot.36.jpg)
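The rename works because the installer on this Android version picks the handler by extension while the file content is still DER; the bytes never change. As an added example, not code from the original post or from Burp, the script below tells DER from PEM by content rather than by name, validates that a DER file is complete (a truncated download is a common reason an install silently fails), and converts between the two encodings with only the standard library. The `SAMPLE_DER` blob is a constructed minimal ASN.1 SEQUENCE standing in for the real cacert.der, which is not reproduced here. One caveat a practitioner should know: from Android 7.0 onwards, apps targeting API 24 or later no longer trust user-installed CAs (the "installed by USER" store) by default, so the procedure in this post only reaches apps that opt in through their network security configuration or older targets.

```python
"""Detect and convert certificate encodings (DER vs PEM) by content.

Added example, not part of the original post. SAMPLE_DER is a constructed
ASN.1 SEQUENCE with the same outer framing as a real X.509 certificate; it
stands in for cacert.der and is not a usable certificate.
"""
import base64
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed stand-in: tag 0x30 (SEQUENCE), long-form length 0x82 0x01 0x2c
# (= 300 bytes of content), followed by 300 bytes of filler.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(44)


def der_length(data: bytes) -> int:
    """Decode the outer ASN.1 length and return the total DER size.

    Raises ValueError when the bytes are not one complete DER SEQUENCE,
    which catches truncated or padded certificate files.
    """
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                      # short form: a single length byte
        length, offset = first, 2
    else:                                 # long form: 0x80 | number of length bytes
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or len(data) < 2 + nbytes:
            raise ValueError("bad DER length encoding")
        length = int.from_bytes(data[2:2 + nbytes], "big")
        offset = 2 + nbytes
    total = offset + length
    if total != len(data):
        raise ValueError(f"DER claims {total} bytes, file has {len(data)}")
    return total


def detect_format(data: bytes) -> str:
    """Classify certificate bytes as 'PEM', 'DER' or 'unknown' by content."""
    if data.lstrip().startswith(PEM_HEADER.encode()):
        return "PEM"
    try:
        der_length(data)
        return "DER"
    except ValueError:
        return "unknown"


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in the base64 PEM envelope with 64-column lines."""
    der_length(der)  # refuse to wrap something that is not complete DER
    b64 = base64.b64encode(der).decode("ascii")
    return "\n".join([PEM_HEADER, *textwrap.wrap(b64, 64), PEM_FOOTER]) + "\n"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM envelope and decode the base64 body back to DER."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]))


if __name__ == "__main__":
    import sys
    # Usage: python cert_format.py cacert.der   (falls back to SAMPLE_DER)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DER
    print(detect_format(blob))
```

Run against the downloaded file, the script reports `DER` both before and after the rename, which is the check to make when an install fails: if it reports `unknown`, the file is damaged or truncated rather than merely misnamed.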
- Giving a name to the certificate:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx3AmcNcUop00zP1RQOCWA-YkuaRCaykvkS0IslC5iH-LER5jGQXF_f-FGlNgCIYpzwza0mbLV8HWJeW5Z_zKr-ZDI4dO1jc4E2G0XtrO621EqPYNuy1D0l9gFT9pCfNHrzy7HSoBemdWl/s1600/screenshot.37.jpg)
- When trying to perform the installation, Android requires a pattern, PIN or password to be set:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOZGJ0dtkNPcpIeI5R91YMl-rVySKDP7ysYBigYvU0I1h1OuGol_wxgBViTRTD86CTYtLhfnolZOyx7Jlmu5Z3O6kWeR7iMobOPFQUQnIFBMIurIXeUdbKwUGDN2pbUK6db_3NgMrztw3t/s400/screenshot.38.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTPq1A64GKtpTFaUTS3LkCnRZ-NZmwpJmb5QkGWg0yhYR-D1hqZqSxxIMFHUSuTMXMWnS72qX3CMwkOilWrwREbbuzkk1rPBM0wjb0XlCWrW5zg4i1OV15Jk1PCh3LGNPD-Dsg6DkHg_Is/s320/screenshot.39.jpg)
- Picking the PIN option:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_srVeYctI2nC9ypdC-YdiDabGWMI4ukeZSfNZsuC0bx4KT9m9kFIPLohRbZWnJUqKI5ISRtJEwOCPzOn23Bqyi_UtgJ9FK-raqHyt5DDsODV0BM3FNI7WOFMFCKVc3gOUVi8w5bTJaYIi/s1600/screenshot.40.jpg)
- Choosing a PIN:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4U57rIuFm9GoejrHEfxENtmU1pVbLHjuiXMc0TYzkjnN9F-D8KcMhmxEtZd3tOte6TqW8xo9TdqaPNFjNMxotp6m6pJt5CrykpL7a5RimQtz6_xX8LG2Kd5VijVhBTWhSksKKBoo78prr/s1600/screenshot.41.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6gOPBNUJfYzuC8Um0q2swqU_TfmrpoEWMhCdpMPCUFHOs_TpN807qsIvVXhNtoMVti5IAemMJa9U1mCMk96URIRoq5o25Ol4lz48x2nsD0B_wtvQ6kvnkiL0DTZN95hML3ETkzsN8_yhY/s1600/screenshot.42.jpg)
- Finally, the certificate is installed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlwNA2i1bBfvkLJU5bvLUudrjsIfXjgQ7WTKApgylHa4RPFd4EAXRA84SrGWsAi7yTyJ76qnwKJ-wuIc8Tgr_ILUSP4R2hDZ3mQ4jB_3vFYlAUM28UUifsb0uX1tDowViZkGZsJsEyS29c/s1600/screenshot.43.jpg)
- Going to Trusted credentials (installed by USER), the certificate is available:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmbb_67kvP2nFPlRloIOeRIfjv7lloNRMKZ8b1I7uamvZ0avRPJkvrWCfRtcgDzvvlBznYWqKqlf8oCSHFqC8nf3l5zuayDhKgY_zpg2atJhyphenhyphen70u7rnf_xRKDQxgP4JpFzTCXuXy6m36yD/s1600/screenshot.44.jpg)
- Now, connecting to a website over an HTTPS connection:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc9JdQGacpJfJDmjF-K2CJt6xxY7g3pvBSfic5ogxmUSpYYgXZOdjiy1DZ16hXSfqQ_i8Nqe9HJm-YVVUF7MmVaVGr6eYO5bfUpe003lbwon_u0lxeNn0ddHrIqGHf666thl8a4kaitzjm/s1600/screenshot.46.jpg)
- Burp detects the HTTPS connection:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYZo__9IEU7Q4Kxnq2J_mIz83HtvsPHJQZ_FatDIKoQ3zMjYIu91ozjnvWqiZT1m4amV8tA9fx0suLDVT5xlaR-K9yBW-_NuCoHT9j02fsJdci7lQEbJPXQof8-1fENgc8RV2WR-OVQ_Lu/s1600/screenshot.47.jpg)
- Checking the properties of the HTTPS connection by clicking the lock icon before the URL:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH4gvfxIOH9VYSKDtXYZVITjBS7DcXC6rOKC6RhdGwivH8J7YO9DkUlxTKsRtoh6H6mSVTavHftFPAnMENQeHASDu-Ct7H_uReOc1ub8XPSsSASUlwvxQFtg98kvXh7woSI2hydM5qA-oN/s1600/screenshot.51.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4iNMJtxe6maDKtUlJ2db2qAIsngyWvPj2_xrO41z6ZnoHENYuKq4lp_m7eT1ddMCpGGuEDK_zTe1bwzQTxsyQhn96T07H088T-zdXeYXSTJD6A_5EnTGnTQSsb03661uyt-p1t9MhsRGD/s1600/screenshot.49.jpg)
- Viewing the certificate:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTn-0TkQpNe2OgHMr50TgO6-1icbOTjD4nzUQ4bHvhyphenhyphenGm6NnNVFo0MboNIMXSZ9QpwXvuhRZYlUlUiGiD6_9OPrLh11061Pou54oc280uw_pBaCpFfjPlWyhmrG2R0k8GchdV7-X-x-SAv/s1600/screenshot.50.jpg)