![]() ![]() Then we need to enter the IP address of our laptop computer and the port 8080 we configured Burp to use. After that we’ll be able to see the “Proxy settings,” where we need to select “Manual”. In order to that that, we need to open the Wireless settings and enter the advanced options for the currently connected network. We can do that by changing the settings of the network we’re already connected to. Now we need to configure our Android phone to use a proxy. Remember that you can as easily change the port to a number of your liking, so you don’t have to use 8080 if you don’t like or if you already have some other service listening on that port. Great, Burp is now listening on port 8080 on all interfaces. The output of the command is shown below: Let’s check if the Burp proxy is really listening on all interfaces, with the same netstat command we already used. The Burp proxy should then be listening on all interfaces, which means we’ll be able to connect to it from the Android phone. Then we must restart the Burp proxy by enabling it in the running column. Burp will then ask us if we really want to start listening on all interfaces and we must press yes. Now we must disable the “listen on loopback interface only” option and click on the update button. The configuration options will then look as follows: After that the Burp proxy will stop and we will be able to load the configuration by clicking on the button edit. First, we must stop the proxy on port 8080 we can do this by clicking on the check box icon in the running column. This is exactly the option we need to disable. There’s also a check in the loopback only option. We can see that Burp is successfully listening on the port 8080, as we already saw. In order to do that, we must go to Proxy–Options under Burp, which will look like the picture below: We need to configure Burp to use global IP address 0.0.0.0, which is used to listen for traffic on all interfaces, not just the local host lo interface. ![]() This is the local host address, so the Android device, which has a different IP, won’t be able to connect to it. We can see that Burp is listening on the default predefined port 8080, but there’s also one interesting thing it’s listening on 127.0.0.1 address. The actual command we have to run is shown below: We can do that with the use of the netstat command in Linux. First, let’s start up Burp and check if it starts to listen on the appropriate port. If this port is already in use it will use another port, but it doesn’t really matter which port it chooses right now, because we’re going to configure it ourselves anyway. To set up Burp, we must first download it and start it it should automatically start listening on a predefined port, which is 8080. Additionally, we also have to set-up a Burp proxy on our laptop, so we’ll be able to intercept requests made by the Android phone. In our case we’re going to use the IP address range 192.168.1.0/24. This way, both devices will obtain the IP address from the same local host network. The first thing we need to do when trying to sniff the communication of the specific application on the Android is to connect the Android phone and a laptop to a local area network. We want to use the Android device without rooting it and blowing our warranty. We need to be aware that there are other options for sniffing the traffic from the Android device, like changing the IP tables on the phone, but they all require a rooted phone, which we don’t want. We’ll set up an access point on our laptop and connect to it via the mobile phone. Another option is to use a system-wide proxy, so all Internet communication goes through it, but that method isn’t as reliable as the option we’ll be using. One of them is to set a specific application to use a proxy, but the application has to support that setting, and most of them don’t. There are a couple of ways to achieve that. We’re doing it because we want to sniff everything the Android device sends and receives over the network. But why would we do that? The main reason is not related to using the network over the phone (quite the contrary: the laptop should have a valid Internet connection already). We’ll be connecting the Android device to the laptop-enabled access point. In this article we won’t talk about how to connect your laptop to the Android access point, but rather the opposite. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |