intercepting-mobile-traffic-with-burpsuite

# Intercepting Mobile Traffic with Burp Suite ## When to Use Use this skill when: - Testing mobile application API endpoints for authentication, authorization, and injection vulnerabilities - Analyzing data transmitted between mobile apps and backend servers during penetration tests - Evaluating certificate pinning implementations and their bypass difficulty - Identifying sensitive data leakage in mobile network traffic **Do not use** this skill to intercept traffic from applications you are not authorized to test -- traffic interception without authorization violates computer fraud laws. ## Prerequisites - Burp Suite Professional or Community Edition installed on testing workstation - Android device/emulator or iOS device on the same network as Burp Suite host - Burp Suite CA certificate installed on the target device - For Android 7+: Network security config modification or Magisk module for system CA trust - For SSL pinning bypass: Frida + Objection or custom Frida scripts - Wi-Fi network where proxy configuration is possible ## Workflow ### Step 1: Configure Burp Suite Proxy Listener ``` Burp Suite > Proxy > Options > Proxy Listeners: - Bind to address: All interfaces (or specific IP) - Bind to port: 8080 - Enable "Support invisible proxying" ``` Verify the listener is active and note the workstation's IP address on the shared network. ### Step 2: Configure Mobile Device Proxy **Android:** ``` Settings > Wi-Fi > [Network] > Advanced > Manual Proxy - Host: <burp...