Discover more from Learn Pentesting like a Pro!
How to intercept HTTPS with Proxydroid
Learn how to hack Android apps intercepting the API calls and network traffic
If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid
Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.
Once installed in your phone. First thing before enabling the "Proxy Switch", you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case 192.168.1.134 on port 8080:
Then scroll down and select "Individual Proxy":
Now you can select which app you want to intercept traffic from:
If you want to intercept https traffic you will have to export BurpSuite certificate, download it in the phone and import it using Root Certificate Manager app. On order to break https traffic you must install Burp certificate inside the system trusted certificates, but do not worry this app will handle that for you:
More mobile application dynamic analysis tricks in this section: