1

After setting up my device with Burpsuite. Im able to capture and intercept request from the mobile browser (Chrome) and only "some request" from my application. I wonder why are some request can't be capture in the HTTP history?

**Note that after setting up the proxy in wifi, my device is showing LIMITED CONNECTION. However I can still have access to internet when surfing website in Mobile Chrome, but some apps (Youtube, Facebook) is totally losing internet access.

Is that the reason why some of my request can't be capture?

Setup works including:

  1. IP:proxy
  2. cacert installation (VPN & APPS) + (WIFI)

Some info

  1. Im using 8082 proxy
  2. Android 10

Update 1

After some debugging, I found out that my application is returning Network Error while firing some requests (those which failed to capture). Though this could be the reasoning of CACERT / proxy set, but I still expect the http request to be appear in burp? Why is not appearing?

Tommy Leong
  • 2,509
  • 6
  • 30
  • 54

2 Answers2

1

Finally able to resolved my issue with the following solution (Credit to the post here)! You'll need to modify/create the following files:

AndroidManifest.xml

  • Append the following line within <application>
<application
...
.....
android:networkSecurityConfig="@xml/network_security_config">

network_security_config.xml

  • Create or append the <trust-anchors>
<network-security-config>
      <base-config cleartextTrafficPermitted="true">>
            <trust-anchors>
                <!-- Trust preinstalled CAs -->
                <certificates src="system" />
                <!-- Additionally trust user added CAs -->
                <certificates src="user" />
           </trust-anchors>
      </base-config>
 </network-security-config>

Reason being, changes to Trusted Certificate Authorities in Android Nougat. Read more here

Seems that, there are also some similar suggestions in other post which I have missed.

Something to take note:

Even the APIs are working now in app, but there are still some services within the app doesn't work as expected. In my case it is Codepush.

[CodePush] An unknown error occurred. [CodePush] Unexpected status line: HTTP/2 200 OK

However . . .

Though the solution above resolved my issue, yet it doesn't really answer my doubt. Why in the first place another API (this working API is from different service) works without implementing the solution?

Appreciate if one could shed some light. Thanks!

Tommy Leong
  • 2,509
  • 6
  • 30
  • 54
0

If the App is used Certificate Pinning you will not be able to Intercept it, to intercept it you need to bypass Certificate Pinning, Download Frida Server here, and make sure to select the type of your processor(Architecture) Here is the configuration guide also use this code to bypass Certificate Pinning.

The other option is to use Objection to bypass Certificate pinning,

Run this code to install Objection

pip3 install objection

Run this code to bypass Certificate pinning

objection --gadget "com.google.youtube" explore
[tab] for command suggestions
Jimale Abdi
  • 2,574
  • 5
  • 26
  • 33
  • Hi @Jimale, my app is not using any ssl cert pinning. – Tommy Leong Jun 05 '21 at 12:11
  • If your device is rooted use [this](https://play.google.com/store/apps/details?id=org.proxydroid&hl=en&gl=US) App to set up the proxy without changing your Wifi settings. – Jimale Abdi Jun 05 '21 at 14:11