TechQA.

Unable to intercept Android hybrid application HTTPS traffic using burp suite

1.1k views Asked by At

I am unable to intercept https traffic of one of the android thick client application which I am working. However I am able to intercept https traffic of other applications. This application is made on IBM worklight framework. Please find below logcat logs for the application.

D/dalvikvm( 1400): WAIT_FOR_CONCURRENT_GC blocked 53ms
W/PluginManager( 1400): THREAD WARNING: exec() call to LoggerPlugin.log blocked
the main thread for 30ms. Plugin should use CordovaInterface.getThreadPool().
W/System.err( 1400): javax.net.ssl.SSLPeerUnverifiedException: Cannot verify hos
tname: <hostname of application>
W/System.err( 1400):    at android.net.SSLCertificateSocketFactory.verifyHostnam
e(SSLCertificateSocketFactory.java:197)
W/System.err( 1400):    at android.net.SSLCertificateSocketFactory.createSocket(
SSLCertificateSocketFactory.java:382)
W/System.err( 1400):    at org.apache.http.conn.ssl.SSLSocketFactory.createSocke
t(SSLSocketFactory.java:375)
W/System.err( 1400):    at org.apache.http.impl.conn.DefaultClientConnectionOper
ator.openConnection(DefaultClientConnectionOperator.java:165)
W/System.err( 1400):    at org.apache.http.impl.conn.AbstractPoolEntry.open(Abst
ractPoolEntry.java:164)
W/System.err( 1400):    at org.apache.http.impl.conn.AbstractPooledConnAdapter.o
pen(AbstractPooledConnAdapter.java:119)
W/System.err( 1400):    at org.apache.http.impl.client.DefaultRequestDirector.ex
ecute(DefaultRequestDirector.java:360)
W/System.err( 1400):    at org.apache.http.impl.client.AbstractHttpClient.execut
e(AbstractHttpClient.java:555)
W/System.err( 1400):    at org.apache.http.impl.client.AbstractHttpClient.execut
e(AbstractHttpClient.java:487)
W/System.err( 1400):    at com.worklight.wlclient.WLRequestSender.run(WLRequestS
ender.java:67)
W/System.err( 1400):    at java.util.concurrent.ThreadPoolExecutor.runWorker(Thr
eadPoolExecutor.java:1080)
W/System.err( 1400):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Th
readPoolExecutor.java:573)
W/System.err( 1400):    at java.lang.Thread.run(Thread.java:856)

However the application is getting intercepted on charles in which I am facing some different issues.
Note: I have already done with the installation of burp certificate in the emulator.

android https interception
Original Q&A
2

There are 2 answers

0
Idan Adar On

You can look at the following question, in which the very same error is reported as well (for a different scenario): Error uploading file using Cordova filetransfer in SSL environment

javax.net.ssl.SSLPeerUnverifiedException: Cannot verify host name: <hostname of application>
0
Macarse On

Check this android bug: https://code.google.com/p/android/issues/detail?id=52738

Is this happening on 4.4?

Related Questions in ANDROID

Related Questions in HTTPS

Related Questions in INTERCEPTION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions