Sniffing HTTPS traffic

Still possible in 2022, thanks to a little tool going by the name "Burp Suite". It's easy: set up a proxy server and configure your end device to use that proxy.

Starting with Android Nougat, the cert has to be installed at system level. For this, you have to enable root debugging in the developer settings and transfer the file manually using adb. Full explanation here.

openssl x509 -inform der -in burp.der -out burp.pem

mv burp.pem "$(openssl x509 -inform pem -subject_hash_old -in burp.pem | head -1).0"

With adb root, move the cert to /system/etc/security/cacerts/ and chmod it to 644.
