Posts

Showing posts from December, 2016

Installing Burp cert in Android

I have seen many a times, even though there's already a Burp cert is installed on the Android device, the browser throws an error and Burp does not capture the request. This issue is mostly prevalent with Kitkat 4. As browser errors can be bypassed by clicking Proceed, but Banking apps keep throwing 'SSL Error' messages. Not sure what happens, but below works for me in such cases:

1. Download the Burp certificate. It'll be downloaded as 'cert.der'

2. Go to download folder, rename it as 'cert.cer' . Recommend to have a file explorer app which makes renaming easy.

3. Copy it to /storage/sdcard0 folder.

4. Go to Settings-> Security-> Trusted Credentials-> User. Remove the old Portswigger (Burp) certificates.

5. Go to Settings-> Security-> Install from device storage. Tap it and it installs your new certificate automatically. Now you are done. You'll notice all well now, the app communications being intercepted by Burp.

Maybe due to some…