How to intercept HTTPS with Proxydroid

Learn how to hack Android apps intercepting the API calls and network traffic

If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid

Once installed in your phone. First thing before enabling the “Proxy Switch”, you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case 192.168.1.134 on port 8080:

Then scroll down and select “Individual Proxy“:

Now you can select which app you want to intercept traffic from:

If you want to intercept https traffic you will have to export BurpSuite certificate, download it in the phone and import it using Root Certificate Manager app. On order to break https traffic you must install Burp certificate inside the system trusted certificates, but do not worry this app will handle that for you:

More mobile application dynamic analysis tricks in this section:

Learn Pentesting like a Pro
✅ The Ultimate Cheat Sheet for Android and iOS hacking: Part II (Dynamic Analysis)
In this post you will learn how to use different tools and frameworks to audit the security of running Apps in Android and Apple smartphones. Android emulators Genymotion Genymotion Cloud: Cloud-based Android emulators running on SaaS or as virtual images on AWS, GCP or Alibaba Cloud (PaaS…
Read more


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *