Learn Pentesting like a Pro!

Share this post

How to intercept HTTPS with Proxydroid

pentesting.academy

How to intercept HTTPS with Proxydroid

Learn how to hack Android apps intercepting the API calls and network traffic

pentesting.academy
Mar 18, 2022
Share this post

How to intercept HTTPS with Proxydroid

pentesting.academy

If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.

Once installed in your phone. First thing before enabling the "Proxy Switch", you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case 192.168.1.134 on port 8080:

How to turn on the proxy in ProxyDroid

Then scroll down and select "Individual Proxy":

Select Individual Proxy to specify which apps you want to intercept traffic from

Now you can select which app you want to intercept traffic from:

Select apps to intercept traffic from

If you want to intercept https traffic you will have to export BurpSuite certificate, download it in the phone and import it using Root Certificate Manager app. On order to break https traffic you must install Burp certificate inside the system trusted certificates, but do not worry this app will handle that for you:

Root Certificate Master showing the system certificates in our Android device

More mobile application dynamic analysis tricks in this section:

Learn Pentesting like a Pro
✅ The Ultimate Cheat Sheet for Android and iOS hacking: Part II (Dynamic Analysis)
In this post you will learn how to use different tools and frameworks to audit the security of running Apps in Android and Apple smartphones. Android emulators Genymotion Genymotion Cloud: Cloud-based Android emulators running on SaaS or as virtual images on AWS, GCP or Alibaba Cloud (PaaS…
Read more
3 months ago · pentesting.academy
Share this post

How to intercept HTTPS with Proxydroid

pentesting.academy
Comments
TopNew

No posts

Ready for more?

© 2023 pentesting.academy
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing