Raman Raj
Published in Bobble Engineering
3 min read · Mar 11, 2023

How to configure your Burp for intercepting Rooted Android traffic.

In order to intercept application traffic in Burp, you first need to root your device. In my case I used a Google Pixel 3a and Magisk for rooting the device. You can find many videos and articles on rooting devices, so I am not covering that here.

First, make sure that both devices (PC + rooted device) are connected to the same network. After that, the steps are: configure the proxy on the device -> configure the proxy in Burp -> install the Burp certificate as a user certificate -> install the Burp certificate as a system certificate. Let’s do each step one by one.

Setting up the device

The first step is to configure a proxy on the device.

Go to Settings > Connections > Wi-Fi, select the Wi-Fi network that you’re on, click Advanced > Proxy > Manual and enter your Proxy details:

Proxy host name: 192.168.1.100
Proxy port: 8080

Setting up the Burp

Install the Burp certificate as a user certificate

  1. Visit http://burp.
  2. Download the CA Certificate.
  3. Rename the certificate with the “.pem” extension.
  4. Install it.
  5. Go to Settings > Security > Trusted credentials > User and check that your Burp certificate is installed.

After this step, you will be able to intercept all browser traffic in Burp. In order to intercept app traffic, you have to install the Burp certificate as a system certificate.

Install the Burp certificate as a System certificate

You may also follow this to set your Burp certificate as a system certificate. It works fine in emulators (like Genymotion), but on a physical device you sometimes get stuck with a “read-only file system” error. So, we configure it using a Magisk module.

Using Magisk

  • Download the MagiskTrustUser module (go to the GitHub page -> click on Releases and download the zip file).
  • Go to the Magisk manager app on your device -> click on Modules -> click on Install from storage and select the zip file.
  • Click on Reboot to restart your device and enable the module.
  • Go to Settings > Security > Trusted credentials > System and make sure your certificate is listed.

After this, you are able to intercept all application and browser traffic in Burp. If traffic from an app is still not intercepted, then SSL pinning is implemented in that app. In this case you have to bypass the SSL pinning.
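Before concluding that an app pins its certificate, it helps to rule out the two setup mistakes from the earlier steps: an unreachable proxy and a Burp CA that the app does not trust. The triage script below is an added example, not part of the original post. It classifies TLS and connection errors per process from `adb logcat -v threadtime` output. The marker strings, the sample log lines and the package name are assumptions or constructed.

```python
import re
from collections import Counter
# Marker substrings are assumptions: wording used by Android's TLS stack and
# OkHttp. Adjust them for the HTTP client the app under test actually uses.
RULES = [
    ("proxy_unreachable", re.compile(r"java\.net\.ConnectException|Failed to connect to")),
    ("ca_not_trusted", re.compile(r"Trust anchor for certification path not found")),
    ("pinning", re.compile(r"Certificate pinning failure|Pin verification failed")),
]
ADVICE = {
    "proxy_unreachable": "recheck the network and the Wi-Fi proxy host/port",
    "ca_not_trusted": "recheck Trusted credentials > System for the Burp CA",
    "pinning": "the app pins its certificate (the SSL pinning case)",
}
# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(r"^\S+ \S+\s+(\d+)\s+\d+\s+[VDIWEF]\s+(\S+?)\s*: (.*)$")
# Constructed sample, not captured from a real device.
SAMPLE_LOGCAT = """\
03-11 10:15:01.120  4121  4150 W System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
03-11 10:15:04.310  5230  5261 W System.err: javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
03-11 10:15:06.002  6012  6040 W System.err: java.net.ConnectException: Failed to connect to /192.168.1.100:8080
03-11 10:15:07.500  6012  6040 I ActivityManager: Displayed com.example.app/.MainActivity
"""

def classify(message):
    """Return the first rule label whose pattern occurs in a log message, else None."""
    for label, pattern in RULES:
        if pattern.search(message):
            return label

def triage(log_text):
    """Return {pid: Counter(label -> hits)} for log lines that match a rule."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        label = classify(m.group(3)) if m else None
        if label:
            result.setdefault(int(m.group(1)), Counter())[label] += 1
    return result

def verdict(counter):
    """First cause in RULES order: fix connectivity, then trust, then pinning."""
    for label, _ in RULES:
        if counter[label]:
            return label, ADVICE[label]

if __name__ == "__main__":
    for pid, hits in sorted(triage(SAMPLE_LOGCAT).items()):
        print(pid, *verdict(hits), sep=" | ")
```

To use it on a real capture, pass the text of a saved `adb logcat -v threadtime` dump to `triage()` and map each PID to its app with `adb shell ps`.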

Thank you. If you still have any doubts regarding this and infosec, feel free to reach out to me on any social platform. Don’t forget to follow for more infosec-related queries and knowledge.
