Recently I developed an interest in analyzing Android APK network traffic.
I was able to capture traffic using an HTTP interceptor for some of the APKs, but many other APKs started giving an error in the interceptor: "The client failed to negotiate SSL connection".
On searching for this issue, I came to know that these APKs are performing SSL pinning. In order to capture traffic for these APKs, I need to bypass the SSL pinning. After reading multiple articles, I found this easy way of doing so.
Requirements:
- Burp Suite - https://portswigger.net/burp/communitydownload
- XPosed apk framework: https://forum.xda-developers.com/showthread.php?t=3034811
- JustTrustMe - https://github.com/Fuzion24/JustTrustMe/releases
- Memu Android emulator - https://www.memuplay.com/
Steps:
Configuring Burp Suite:
- Install Burp Suite from https://portswigger.net/burp/communitydownload
- Follow all steps mentioned at https://support.portswigger.net/customer/portal/articles/1816883-getting-started-with-burp-suite
- For our case, we are setting Burp to listen on all interfaces on port 8085
XPosed apk framework:
- Download the framework from https://forum.xda-developers.com/showthread.php?t=3034811
- In my case the download link was https://forum.xda-developers.com/attachment.php?attachmentid=4393082&d=1516301692
JustTrustMe apk:
- Download the apk from https://github.com/Fuzion24/JustTrustMe/releases
- In my case it came out to be https://github.com/Fuzion24/JustTrustMe/releases/download/v.2/JustTrustMe.apk
Memu Android emulator:
- Download the emulator from https://www.memuplay.com/
- Install the emulator and open it.
- Click on the Settings button and then go to the Others tab
- Click on Enable for the Root mode option
- Restart the emulator
- Click on the "Install APK" button on the right side toolbar of the Memu emulator
- Choose the Xposed apk framework which was downloaded earlier
- Open the apk after installation
- Click on the Install/Update option inside the apk
- After the installation is complete, restart the emulator
- If all went well, you will see something as shown in the screenshot below
- Again, click on the "Install APK" button on the right side toolbar of the Memu emulator
- Choose the JustTrustMe apk which was downloaded earlier
- After JustTrustMe is installed, open the Xposed apk
- Open the Modules tab
- Activate the JustTrustMe module by ticking the checkbox
- Now, go to Wifi->Settings in the emulator
- Long press on the wifi name till you see the option to Modify network
- Click on the Advanced option
- Enter the IP of your system and the port as 8085 (as Burp is listening on this port)
- Open any apk on the emulator which has SSL pinning enabled
- Observe that Burp Suite is capturing all traffic and has stopped giving the SSL error.
Note:
This post is only for educational purposes. Don't use this for any unauthorized activities.
Hope this helps.