Wednesday, May 5, 2010

Android SSL Apps & Burp

As a follow-up to the post regarding intercepting Android applications on the emulator using Burp, I wanted to give a solution for intercepting applications on Android that enforce SSL/TLS correctly.

I ran into this problem with an app that enforced SSL/TLS. The app refused to communicate with Burp because of the certificate mismatch error. Unlike a browser, you don't have the option to make an exception. Hence the app died, and at the time I couldn't perform testing.

This video provides a solution I cooked up by reading some manuals and searching the web. Enjoy.

Android SSL Enforced Apps & Burp from cktricky on Vimeo.

~Happy Hacking!


Michael Boman said...

The video seems to be MIA. Could you narrate the steps in text, or re-upload the video & update the link? Thanks!

cktricky said...

Sorry about that, steps were outdated and not terribly useful so I removed the video. Will have to update.