Intercepting Android App Traffic with BurpSuite

Name: Intercepting Android App Traffic with BurpSuite
Uploaded: 2023-07-02T12:15:28Z
Channel: IppSec
Description: 00:00 - Introduction, talking about RouterSpace and why we can't just do what we did in that video 01:25 - Installing Genymotion, Virtual Box, and ADB; ...

IppSec · Beginner ·🔍 RAG & Vector Search ·2y ago

00:00 - Introduction, talking about RouterSpace and why we can't just do what we did in that video 01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works. 02:05 - Make sure you upgrade your memory, processors, and enable Virtualization in your VM Settings! 02:30 - Running Genymotion and starting a Pixel 3 XL 03:37 - Converting BurpSuites Certificate to PEM Format with openssl x509 -inform der -in [name of cert] -out burp.pem 04:20 - Renaming the certificate to 9a5ba575.0, and showing how we got that name…

Watch on YouTube ↗ (saves to browser)

Chapters (20)

Introduction, talking about RouterSpace and why we can't just do what we did i

1:25 Installing Genymotion, Virtual Box, and ADB; while talking about why I don't u

2:05 Make sure you upgrade your memory, processors, and enable Virtualization in yo

2:30 Running Genymotion and starting a Pixel 3 XL

3:37 Converting BurpSuites Certificate to PEM Format with openssl x509 -inform der

4:20 Renaming the certificate to 9a5ba575.0, and showing how we got that name

6:00 Starting the device and showing the certificate authorities

7:00 Copying the certificate to /system/etc/security/cacerts/, and showing how to r

8:10 Showing how to set the proxy through both the GUI and via ADB

9:50 Installing GAPPS

10:30 Showing how to unset the proxy from ADB

11:00 Creating an alias to set and unset the proxy via adb

12:00 Opening the google play store and logging in and install Wayzn to see if we ca

15:20 Showing we intercepted traffic from Wayzn, then installing Instagram

16:50 Attempting to login to instagram and getting an error message

17:20 Setting up Frida both on our computer and android device

19:20 Showing Frida is working, getting ps output from the android device

19:55 Downloading the instragram ssl pinning bypass script

21:20 Using frida to start instagram and loading the script to bypass the SSL Checki

22:15 Setting the proxy and showing us intercept instagram traffic

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →