Burp on Android
Follow steps 1, 2 from portswigger official guidelines. Then do the following in step 3.
Step 3: Install a CA certificate on your Android device
-
Export your Burp Certificate
Proxy > Options > CA Certificate > Export in DER format -
Convert it to PEM
openssl x509 -inform der -in cacert.der -out burp.pem -
Download it on the device
-
Install device from CA settings. (Look for CA)
Step 4: SSL Pinning
Doc snippet taken from https://frida.re/docs/android/
$ pip install frida-tools
Download version of frida-server in https://github.com/frida/frida/releases. Then, to run server:
$ adb push frida-server /data/local/tmp/
$ adb shell "su -c chmod 755 /data/local/tmp/frida-server"
$ adb shell "su -c /data/local/tmp/frida-server &"
Run hooks once server is up & running.
$ frida --codeshare akabe1/frida-multiple-unpinning -U -f app.name.package
Setup:
- Device: Samsung Galaxy J7 Neo (SM-J701M)
- Frida-Server: frida-server-16.0.11
Resources: