Configuring an Android Device to Work With Burp

To test web applications using an Android device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.

Configure the Burp Proxy listener

MobileSetUp_1

In Burp, go to the “Proxy” tab and then the “Options” tab.

In the “Proxy Listeners" section, click the “Add” button.

 
MobileSetUp_2

In the "Binding" tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8082”.

Then select the “All interfaces” option, and click "OK".

Note: You could alternatively edit the existing default proxy listener to listen on all interfaces. However, using different listeners for desktop and mobile devices enables you to filter these in the Proxy history view.

 
MobileSetUp_3

The Proxy listener should now be configured and running.

 

Configure your device to use the proxy

MobileSetUp_Android_1

In your Android device, go to the“Settings” menu.

 
MobileSetUp_Android_2

If your device is not already connected to the wireless network you are using, then switch the "Wi-Fi" button on, and tap the “Wi-Fi” button to access the "Wi-Fi" menu.

 
MobileSetUp_Android_3

In the "Wi-Fi networks" table, find your network and tap it to bring up the connection menu.

 
MobileSetUp_Android_4

Tap "Connect".

If you have configured a password, enter it and continue.

 
MobileSetUp_Android_5

Once you are connected hold down on the network button to bring up the context menu.

Tap “Modify network config”.

 
MobileSetUp_Android_6

Ensure that the “Show advanced options” box is ticked.

 
MobileSetUp_Android_7

Change the “Proxy settings” to “Manual” by tapping the button.

 
MobileSetUp_Android_8

Then enter the IP of the computer running Burp into the “Proxy hostname”.

Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8082”.

Tap "Save".

 

Test the configuration

MobileSetUp_Apple_5

In Burp, go to the "Proxy Intercept" tab, and ensure that intercept is “on” (if the button says “Intercept is off" then click it to toggle the interception status).

 
MobileSetUp_Android_9

Open the browser on your Android device and go to an HTTP web page (you can visit an HTTPS web page when you have installed Burp's CA Certificate in your Android device.)

 
MobileSetUp_Android_10

The request should be intercepted in Burp.

Note: On some Android emulators you will need to add the proxy details from the emulator settings menu rather than the native Network / Wifi settings on the emulated device.