# Network Traffic In this post we will learn how to intercept application traffic using proxy tool ### Tools * Burpsuite proxy tool ### Setup * Run burpsuite * Configure proxy options * listen on port 5555 for example * All Interfaces ![](https://57760418-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MJWxwudJt21M0ALA2YF%2F-MLrwcVB1TGw3s-giR8j%2F-MLs-dAOkHCVAKPCOAE7%2Fimage.png?alt=media\&token=5f026a84-43ba-4127-96ef-bf9d26a7ac40) * Install Burp Certificate as system certificate * Download certificate from web browser * * Configure the certificate to install it as system certificate * openssl x509 -inform DER -in cacert.der -out cacert.pem * openssl x509 -inform PEM -subject\_hash\_old -in cacert.pem |head -1 * mv cacert.pem \.0 * adb push9a \.0 /system/etc/security/cacerts/ * adb shell * chmod 644 /system/etc/security/cacerts/\.0 * Configure device proxy * go to settings > WI-FI * Keep pressing on the wifi * Modify Network * proxy hostname = Insert the ip for the machine which run burpsuite * proxy port = 5555 * Save! ### SSL Pinning Bypass #### SSLUnpinning SSL Unpinning is a powerful tool for SSL Pinning bypasses. * First we need to install Xposed Framework / Xposed APK installer * APK Installer : * Drag and drop it into the device * Framework : * We should choose the sdk version that match our device ( for example choose sdk25) * Then x86 => then ``` xposed-v89-sdk25-x86.zip ``` * Drag and drop the zip file into the device * Open the application * from the downloads menu search for SSLUnpinning => Install it * Or Download the APK directly from here : * Restart the device * Open SSLUnpinning application * Click on + icon and scroll until you found the application package that you want to apply bypass to it. #### Frida * Download frida script from here as ssl-bypass.js * * After run frida-server on the device run frida as follows ``` adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt frida -U -f it.app.mobile -l ssl-bypass.js --no-pause ```