I have been trying day and night to intercept android traffic through burp. I can successfully intercept all http traffic through burp but https are not getting intercepted.
The following are the version details :
- BurpSuite 1.6
- Java 1.6
- Android 4.4.2
- ProxyDroid 2.7.0
The following steps was followed by me:
- Android phone is rooted.
- Connected Wifi in same network as my laptop and while connecting to wifi I went to advanced options to use proxy ip as my laptop's IP and port as 8080.
- Installed ProxyDroid in Android device and enabled global proxy of all HTTP to my laptop's IP and port as 8080.
- In my laptop, downloaded burp certificate from BurpSuite which was cacert.der, converted it to .crt format and installed it in my phone through install certificate from sd card options in Settings > Security. The certificate has been successfully installed and shows "Network may be monitored alert continuously". It is present in trusted certificate list under User tab.
- Now when I am opening any HTTP site through browser of phone it opens successfully and gets intercepted by burp in my laptop.
- But when I open any HTTPS site from browser of phone it is not intercepted and no error is shown in BurpSuite alert tab. The site sometimes opens successfully but sometimes do not.
- When I try to browse native android app which uses HTTPS protocol, it is also not intercepted but shows "The client failed to negotiate an SSL connection to DOMAIN:443: Remote host closed connection during handshake". [ DOMAIN is the actual domain name ] The app results in network connection error.
I am not able to get out of this problem no matter whatever I try. Please help me.