Intercept HTTP Traffic from Android App — AndroGoat
This is the first tutorial on AndroGoat. In this tutorial we will learn how to intercept traffic from an Android app. Most applications use protocols such as HTTP(S) to send data to and receive data from servers.
Analyzing the traffic between the mobile app and its endpoints helps in testing for server-side vulnerabilities.
Tools required: any intercepting proxy, e.g. Burp Suite
Note: The mobile device and the laptop should be on the same network.
On the laptop, follow the steps below to configure the proxy.
In Burp Suite, edit the proxy listener and set its interface to All, so that it accepts connections from other devices on the network and not only from the laptop itself.
On the mobile device, follow the steps below to enable the proxy.
1. Go to Settings → WiFi → Long press on connected WiFi → Modify network → check Advanced options
2. Set the values below and tap Save
Proxy: Manual
Proxy hostname: the laptop's IP address (not 127.0.0.1 or localhost)
Port: the proxy port number
Everything is now set to intercept HTTP traffic from the Android app.
Launch AndroGoat → Network Intercepting → tap the 'HTTP' button.
You can see the HTTP request captured in the proxy.
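If no request shows up, the usual causes are a listener that is still bound to loopback only or a wrong proxy hostname on the device. The check below is an added example, not part of the original tutorial; it runs on the laptop, and the default port 8080 and the function names are assumptions.

```python
import ipaddress
import socket
import sys


def is_usable_proxy_host(host):
    """True if `host` is an IP literal the phone can reach (not loopback)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # "localhost" or another name: the device needs the laptop's IP
    return not (ip.is_loopback or ip.is_unspecified)


def lan_ip():
    """Source address the OS picks for outbound traffic, or None if no route."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # documentation address; UDP connect sends no packet
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()


def listener_reachable(host, port, timeout=2.0):
    """True if a TCP listener accepts connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(host, port):
    """Return a list of problems with using host:port as the device's proxy."""
    problems = []
    if not is_usable_proxy_host(host):
        problems.append(f"{host} is not usable as the proxy hostname on the device")
    if not listener_reachable(host, port):
        problems.append(f"nothing accepts connections on {host}:{port}; "
                        "is the listener bound to all interfaces?")
    return problems


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080  # assumed port
    host = lan_ip()
    if host is None:
        sys.exit("no LAN address found; is the laptop connected to the network?")
    issues = preflight(host, port)
    print(f"device proxy settings: hostname {host}, port {port}")
    print("\n".join(issues) if issues else "listener reachable on the LAN address")
```

A clean result only shows that the listener answers on the laptop's LAN address; a host firewall can still block connections coming from the phone.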