Intercepting Mobile Application Traffic

To intercept mobile application traffic you need to perform MITM attacks. This can be easily done using proxies like Burp Suite, Fiddler, Charles, Paros, etc. I prefer to use burp suite as it is most flexible to use for penetration testing.

The below given steps will help you to setup required interception environment:  

1. Install the target application.apk on the mobile device, let’s consider Android device in this case.
2. Now goto MenuàSettingàWi-Fi
3. Connect to your common Wifi being used by your Mobile device and Laptop.
4. Find the IP address of your laptop using “ifconfig/ipconfig” command.
5. Now in your mobile Wi-Fi, touch-n-hold the connected Wi-Fi and select “Modify Network
6. Check the option “Show advanced options” and under proxy settings select “Manual”. Now enter

·         Proxyhostname: <your laptop IP>                           

·         Proxy Port: <8080>

               7. Now on your laptop Start Burp Suite. Go in Proxy TabàOptionsàEdit

     8. Now select the interface and Port: 8080.

Now you are all set to perform MITM attacks.

NOTE: this process will allow you to intercept data of application using HTTP channel only. To intercept HTTPSdata you need to install BurpCA certificate.