Intercepting app with Burp shows no requests

I'm pentesting my first mobile application. I have a rooted Android device and followed the steps here and here to install the certificate to proxy the traffic through Burp on my laptop.

But no requests show up. When I'm opening the app I have the option to either register (trying that throws the error message "User already exists", which is definitely not the case; I triple checked that) or log in. I tried logging in with an account created on the webpage, but the app throws a "User does not exist" error. When setting the proxy settings on the phone to none, both registration and logging in as an existing user work fine.

So my guess is the app is either using certificate pinning or there are some issues with the proxy settings or the certificate.

How to solve:

Method 1

It turned out to not be a certificate pinning issue but a problem with the self-installed certificates. Since Android Nougat, apps seem to no longer trust user certificates by default (article for reference).

So the solution was the Magisk module AlwaysTrustUserCerts, which made it possible to turn the self-installed Burp certificate into a system certificate.

After that, intercepting the requests through Burp worked without a problem.
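The Magisk module works because Android's system trust store is just a directory of PEM files named after the OpenSSL "old" subject hash (the same value `openssl x509 -subject_hash_old` prints) with a `.0` suffix. The following added example, which is not code from the original question, the answer, or the AlwaysTrustUserCerts project, derives that filename from a DER certificate so you can check the file the module is expected to create; the certificate it parses is a constructed stand-in, not a real Burp CA.

```python
import hashlib
import struct

def _tlv(buf: bytes, pos: int):
    """Parse one DER TLV header at buf[pos]: (tag, header length, content length)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F  # long-form length: next n bytes hold the length
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def _children(buf: bytes, pos: int):
    """Yield (start, end) of each element directly inside the constructed TLV at pos."""
    _, hlen, clen = _tlv(buf, pos)
    cur, end = pos + hlen, pos + hlen + clen
    while cur < end:
        _, h, c = _tlv(buf, cur)
        yield cur, cur + h + c
        cur += h + c

def subject_name_der(cert_der: bytes) -> bytes:
    """Return the DER-encoded subject Name of an X.509 certificate."""
    tbs_start, _ = next(_children(cert_der, 0))          # tbsCertificate
    fields = list(_children(cert_der, tbs_start))
    if cert_der[fields[0][0]] == 0xA0:                    # optional [0] version
        fields = fields[1:]
    start, end = fields[4]                                # serial, sigAlg, issuer, validity, subject
    return cert_der[start:end]

def name_hash_old(name_der: bytes) -> str:
    """OpenSSL X509_NAME_hash_old: first 4 MD5 bytes as a little-endian uint32, 8 hex digits."""
    digest = hashlib.md5(name_der).digest()
    return "%08x" % struct.unpack("<I", digest[:4])[0]

def cacerts_filename(cert_der: bytes) -> str:
    """Expected file name under /system/etc/security/cacerts/ for this certificate."""
    return name_hash_old(subject_name_der(cert_der)) + ".0"

def _der(tag: int, content: bytes) -> bytes:
    """Minimal DER encoder used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

# Constructed sample: a self-signed-looking certificate skeleton with CN=Constructed Burp CA.
SAMPLE_NAME = _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x13, b"Constructed Burp CA"))))
_SIG_ALG = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))   # sha256WithRSAEncryption
SAMPLE_CERT = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _SIG_ALG
                   + SAMPLE_NAME + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"340101000000Z"))
                   + SAMPLE_NAME + _der(0x30, b"")) + _SIG_ALG + _der(0x03, b"\x00"))

if __name__ == "__main__":
    print(cacerts_filename(SAMPLE_CERT))
```

Run it against the real Burp CA by replacing SAMPLE_CERT with the DER bytes exported from Burp, then confirm a file with that name exists in the system store on the device.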

All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.