Remote host closed connection during handshake : Burp Certificate in Android

5.7k views Asked by At

I have been trying day and night to intercept android traffic through burp. I can successfully intercept all http traffic through burp but https are not getting intercepted.

The following are the version details :

  1. BurpSuite 1.6
  2. Java 1.6
  3. Android 4.4.2
  4. ProxyDroid 2.7.0

The following steps was followed by me:

  1. Android phone is rooted.
  2. Connected Wifi in same network as my laptop and while connecting to wifi I went to advanced options to use proxy ip as my laptop's IP and port as 8080.
  3. Installed ProxyDroid in Android device and enabled global proxy of all HTTP to my laptop's IP and port as 8080.
  4. In my laptop, downloaded burp certificate from BurpSuite which was cacert.der, converted it to .crt format and installed it in my phone through install certificate from sd card options in Settings > Security. The certificate has been successfully installed and shows "Network may be monitored alert continuously". It is present in trusted certificate list under User tab.
  5. Now when I am opening any HTTP site through browser of phone it opens successfully and gets intercepted by burp in my laptop.
  6. But when I open any HTTPS site from browser of phone it is not intercepted and no error is shown in BurpSuite alert tab. The site sometimes opens successfully but sometimes do not.
  7. When I try to browse native android app which uses HTTPS protocol, it is also not intercepted but shows "The client failed to negotiate an SSL connection to DOMAIN:443: Remote host closed connection during handshake". [ DOMAIN is the actual domain name ] The app results in network connection error.

I am not able to get out of this problem no matter whatever I try. Please help me.

0

There are 0 answers