burp-mobile phone test guide

Others 2021-01-28 12:46:16 views: null

STEP-1 Investigation IP information

You can create a hotspot on the packet capture computer by yourself or directly view the ip of the network card being captured by ipconfig

 

 

STEP-2 Set up mobile proxy

Here IOS system and Android system settings are the same, generally click on wifi settings —> select hotspot (hotspot in the first step) —> advanced settings —> proxy (modify network)

 

STEP-3 Configure Burp tool and export certificate

 

 

Remember to end with .cer

 0x5 exported certificate file

 Transfer to the Android mobile phone and install this certificate.

Some blogs on the Internet also said that the browser can access https://burp to install the certificate, but after trying it, I can’t install it successfully (only Android has this problem), because the suffix of the certificate downloaded using this method is der, unless you You can find the downloaded file and modify the suffix.

STEP-4 IOS mobile phone installation certificate

Because it is more complicated to install the certificate on the Apple mobile phone, I will talk about it separately.

After connecting to the hotspot and setting the proxy, in the Safari browser, enter https://burp

 Click the CA button in the upper right corner to pop up the download certificate interface:

 After importing the certificate, select About this machine in the general settings and check the trust certificate:

 

Other considerations

 Turn off the computer firewall

 Ensure that the mobile device and the computer are in the same local area network

The reasons why the WeChat applet cannot catch the package are as follows:

In Android7.0 and above system, each application can define your own trusted CA set set.

By default, the application will only trust the CA certificate pre-installed on the system, but not the CA certificate installed by the user .

Recalling the process of our packet capture, whether it is fiddler or Charles, if you want to capture https, you must install the corresponding certificate on your mobile phone. The certificate installed through fiddler/Charles belongs to the CA certificate installed by the user, so it will be regarded as insecure. certificate.

 

Reference link:

https://blog.csdn.net/Lee_Natuo/article/details/83995839

https://www.jianshu.com/p/dfea1a84bb3b

https://szukevin.site/2020/08/16/BurpSuite%E6%8A%93IOS%E8%AE%BE%E5%A4%87HTTPS%E6%B5%81%E9%87%8F/

https://www.77169.net/html/260548.html

https://www.anquanke.com/post/id/85925

Guess you like

Origin blog.csdn.net/Vdieoo/article/details/112209847
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com