Setting up Android to work with Burp Suite

To test Android applications, or to even test web applications via your Android device, you need to configure Burp Proxy to start a listener on interfaces and then connect the Android device and the system running Burp to the same wireless network.

This causes the Burp listener to become visible and accessible to the Android device on the same network.

Follow these steps to set a proxy for your Android device:

1. Go to the SETTINGS menu.
2. Connect to the same wireless network as Burp.

1. If you are already connected, click on the wireless connection name and select Manage network settings, as shown in the following screenshot:

1. Click on Show advanced options, to show the Proxy setting. Click on the Manual option to enter the address of the proxy server running Burp:

1. Click SAVE to save this setting and proceed to browse an HTTP site on your Android device's browser to see that the traffic is received by Burp.

To be able to access HTTPS sites, you will need to add Burp's CA certificate to the Android device. This can be done by following these steps:

1. Navigate to http://burp:8080 from a computer and save the CA certificate whose link is displayed on the page.
2. Rename the downloaded file to burp.cer.  Any filename will do, as long as the extension is .cer.
3. Transfer the file to the Android device's external storage using any way you can. Common techniques are Bluetooth transfer, using ADB push, sending an email, and saving as attachment in the Android device, and so on.
4. Once the file is transferred to the Android device, go to Settings | Lock screen and security | Other security settings.
5. This option may differ on your version of Android. In most cases, using the search option in Settings and searching for certificates will take you to the right place.
6. Click on Install from device storage. If the .cer file is present in the device storage then it will be automatically installed.
7. If your version of Android asks if you want to install the certificate for apps or Wi-Fi, select apps.
8. The Android device will show a notification that the certificate is now installed. You can confirm this by browsing to an HTTPS site and capturing the traffic in Burp