# Network Traffic

In this post we will learn how to intercept application traffic using proxy tool

### Tools

* Burpsuite proxy tool

### Setup

* Run burpsuite
* Configure proxy options
  * listen on port 5555 for example
  * All Interfaces

![](/files/-MLs-dAOkHCVAKPCOAE7)

* Install Burp Certificate as system certificate
* Download certificate from web browser
  * <http://burp>
* Configure the certificate to install it as system certificate
  * openssl x509 -inform DER -in cacert.der -out cacert.pem
  * openssl x509 -inform PEM -subject\_hash\_old -in cacert.pem |head -1&#x20;
  * mv cacert.pem \<hash>.0
    * adb push9a \<hash>.0 /system/etc/security/cacerts/&#x20;
  * adb shell&#x20;
  * chmod 644 /system/etc/security/cacerts/\<hash>.0
* Configure device proxy&#x20;
  * go to settings > WI-FI
  * Keep pressing on the wifi
  * Modify Network
    * proxy hostname = Insert the ip for the machine which run burpsuite
    * proxy port = 5555
    * Save!

### SSL Pinning Bypass

#### SSLUnpinning

SSL Unpinning is a powerful tool for SSL Pinning bypasses.

* First we need to install Xposed Framework / Xposed APK installer
  * APK Installer : <https://xposed-installer.en.uptodown.com/android>
    * Drag and drop it into the device
  * Framework : <https://dl-xda.xposed.info/framework/>
    * We should choose the sdk version that match our device ( for example choose sdk25)
    * Then x86 => then&#x20;

      ```
      xposed-v89-sdk25-x86.zip  
      ```
  * Drag and drop the zip file into the device
  * Open the application
  * from the downloads menu search for SSLUnpinning => Install it&#x20;
    * Or Download the APK directly from here : <https://github.com/ac-pm/SSLUnpinning_Xposed>
  * Restart the device
  * Open SSLUnpinning application
  * Click on + icon and scroll until you found the application package that you want to apply bypass to it.

#### Frida

* Download frida script from here as ssl-bypass.js
  * <https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/>
* After run frida-server on the device run frida as follows

```
adb push burpca-cert-der.crt /data/local/tmp/cert-der.crt
frida -U -f it.app.mobile -l ssl-bypass.js --no-pause
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://co0nan.gitbook.io/mobile-application/network-traffic.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.