Configuring an Android device to work with Burp Suite Professional
Last updated: March 17, 2023
It's possible to test web applications and mobile apps using a rooted Android device. To do this, you need to do the following:
- Configure your Burp Proxy listener to accept connections on all network interfaces.
- Connect both your device and your computer to the same wireless network.
- To interact with HTTPS traffic, install a CA certificate on your Android device at the system level.
From Android 7 (Nougat) onwards, you need to use a rooted device in order to install a CA certificate at the system level. Rooting an Android device normally voids the warranty and there is a risk it could become unusable. Please understand the risks before proceeding.
Because of the diversity of Android devices and Android emulators, we can't give specific instructions for every step of this process. However, we provide links to some external sites, which may help you to complete your configuration.
Step 1: Configure the Burp Proxy listener
To configure the proxy settings for Burp Suite Professional:
- Open Burp Suite Professional and click Settings to open the Settings dialog.
- Go to Tools > Proxy.
- In Proxy Listeners, click Add.
- In the Binding tab, set Bind to port to 8082 (or another port that is not in use).
- Select All interfaces and click OK.
- At the prompt, click Yes.
Step 2: Configure your device to use the proxy
Make sure that your Android device is disconnected from the Wi-Fi network before you attempt to configure the proxy settings:
- In your Android device, go to Settings > Network & internet.
- Select Internet and long-press the name of your Wi-Fi network.
- Select Modify.
- From the Advanced options menu, select Proxy > Manual.
- Set Proxy hostname to the IP of the computer running Burp Suite Professional.
- Set Proxy port to the port value that you configured for the Burp Proxy listener, in this example
- Touch Save.
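Before moving on to the certificate step, you can confirm from the computer that the listener from Step 1 accepts connections on its LAN address, which is the value to enter as Proxy hostname in Step 2. The following Python check is an added example, not part of Burp Suite or the original page; the function names are hypothetical, and it assumes the Wi-Fi interface carries the computer's default route.

```python
import socket


def can_connect(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def lan_address():
    """Best-effort IPv4 address of the default-route interface, or None."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # connect() on a UDP socket only selects a route; no packet is sent.
        # 192.0.2.1 is a documentation address (TEST-NET-1), used as a dummy.
        probe.connect(("192.0.2.1", 9))
        return probe.getsockname()[0]
    except OSError:
        return None
    finally:
        probe.close()


def diagnose(loopback_ok, lan_ok):
    """Map the two connection results to a listener state."""
    if lan_ok:
        return "reachable"        # use this address as Proxy hostname
    if loopback_ok:
        return "loopback-only"    # listener is not bound to all interfaces
    return "not-listening"        # wrong port, or the listener is not running


def check_listener(port, lan_ip=None):
    """Return (lan_ip, state) for the proxy listener on this computer."""
    lan_ip = lan_ip or lan_address()
    loopback_ok = can_connect("127.0.0.1", port)
    lan_ok = bool(lan_ip) and can_connect(lan_ip, port)
    return lan_ip, diagnose(loopback_ok, lan_ok)


if __name__ == "__main__":
    ip, state = check_listener(8082)  # port from Step 1
    print(f"LAN address: {ip}  listener on 8082: {state}")
```

A connection from the computer to its own address does not pass through the host firewall's inbound rules or the access point's client isolation, so the device can still be blocked when this reports "reachable". A listener bound to all interfaces is also reachable by every other host on that network, so remove it or rebind it to loopback when testing is finished.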
Step 3: Install a CA certificate on your Android device
In order to interact with HTTPS traffic, you need to install a CA certificate from Burp Suite Professional on your Android device. This step is complicated and it varies across devices and versions of Android.
In addition, you need to make further configuration changes in order to proxy HTTPS traffic from a Chrome browser that's at version 99 or above.
For further information on how to perform these steps, you can refer to the following external links. Please note that we're not responsible for the content of these pages:
- External link: Installing a CA certificate on your Android device.
- External link: Configuration for a Chrome browser at version 99 or above.
Step 4: Test the configuration
To test the configuration:
- Open Burp Suite Professional.
- Go to Proxy > Intercept and click Intercept is off to switch intercept on.
- Open the browser on your Android device and go to an HTTPS web page.
The page should load without any security warnings. You should see the corresponding requests within Burp Suite Professional.
On some Android emulators you will need to add the proxy details from the emulator settings menu rather than the native Network/Wi-Fi settings on the emulated device.