
Configuring an Android device to work with Burp Suite Professional

  • Last updated: November 25, 2022

It's possible to test web applications and mobile apps using a rooted Android device. To do this, you need to do the following:

  • Configure your Burp Proxy listener to accept connections on all network interfaces.
  • Connect both your device and your computer to the same wireless network.
  • To interact with HTTPS traffic, install a CA certificate on your Android device at the system level.

Note

From Android 7 (Nougat) onwards, you need to use a rooted device in order to install a CA certificate at the system level. Rooting an Android device normally voids the warranty and there is a risk it could become unusable. Please understand the risks before proceeding.

Because of the diversity of Android devices and Android emulators, we can't give specific instructions for every step of this process. However, we provide links to some external sites, which may help you to complete your configuration.

Step 1: Configure the Burp Proxy listener

To configure the proxy settings for Burp Suite Professional:

  1. Open Burp Suite Professional and go to Proxy > Options.
  2. In Proxy Listeners, click Add.
  3. In the Binding tab, set Bind to port to 8082 (or another port that is not in use).
  4. Select All interfaces and click OK.

  5. At the prompt, click Yes.

Step 2: Configure your device to use the proxy

Make sure that your Android device is disconnected from the Wi-Fi network before you attempt to configure the proxy settings:

  1. In your Android device, go to Settings > Network & internet.
  2. Select Internet and long-press the name of your Wi-Fi network.
  3. Select Modify.
  4. From the Advanced options menu, select Proxy > Manual.
  5. Set Proxy hostname to the IP of the computer running Burp Suite Professional.
  6. Set Proxy port to the port value that you configured for the Burp Proxy listener, in this example 8082.
  7. Touch Save.
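
A pre-flight check for Steps 1 and 2, added here as an example and not part of the original documentation: run on the computer running Burp Suite Professional, it reports whether the listener accepts connections on the LAN address the device will use as Proxy hostname, or only on loopback (the usual result when All interfaces was not selected). The function names and status strings are assumptions of this sketch; port 8082 is the value used in this article.

```python
import socket

def lan_ip():
    """Address this computer uses on the local network (the 'Proxy hostname' value)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # connect() on a UDP socket sends nothing; it only selects the
        # outgoing interface. 192.0.2.1 is a documentation-range address.
        s.connect(("192.0.2.1", 9))
        return s.getsockname()[0]
    except OSError:
        return "127.0.0.1"  # no route: the computer is not on a network
    finally:
        s.close()

def accepts(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_listener(port=8082, lan=None, timeout=2.0):
    """Classify the listener as 'reachable', 'loopback-only' or 'not-listening'.

    lan defaults to the detected LAN address; pass it explicitly if the
    computer has several network interfaces.
    """
    lan = lan or lan_ip()
    if accepts(lan, port, timeout):
        return "reachable"        # device can use lan:port as its proxy
    if accepts("127.0.0.1", port, timeout):
        return "loopback-only"    # listener bound to loopback, or firewalled
    return "not-listening"        # no listener on this port at all

if __name__ == "__main__":
    ip = lan_ip()
    print(f"Proxy hostname: {ip}  Proxy port: 8082  ->  {check_listener(8082, ip)}")
```

A "loopback-only" result means the device cannot reach the listener: revisit the Binding tab in Step 1 or check the host firewall.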

Step 3: Install a CA certificate on your Android device

In order to interact with HTTPS traffic, you need to install a CA certificate from Burp Suite Professional on your Android device. This step is complicated and it varies across devices and versions of Android.

In addition, you need to make further configuration changes in order to proxy HTTPS traffic from a Chrome browser that's at version 99 or above.

For further information on how to perform these steps, you can refer to the following external links. Please note that we're not responsible for the content of these pages:

Step 4: Test the configuration

To test the configuration:

  1. Open Burp Suite Professional.
  2. Go to Proxy > Intercept and click Intercept is off to switch intercept on.
  3. Open the browser on your Android device and go to an HTTPS web page.

The page should load without any security warnings. You should see the corresponding requests within Burp Suite Professional.

Note

On some Android emulators you will need to add the proxy details from the emulator settings menu rather than the native Network/Wi-Fi settings on the emulated device.
