Skip to content

Commit

Permalink
Added connecting Burp via HTTP Tookit (#2897)
Browse files Browse the repository at this point in the history 
* Added connecting Burp via HTTP Tookit

Added a method to BurpSuitre via HTTPToolkit. Since many had an issue with connecting flutter apps even after trying all the ways out, This method worked.

* Added proxying Android apps to Burp via HTTP Toolkit

Added another way to proxy traffic from android to Burp. Since most of the times, reFlutter and other ways don't work.

* Added proxying Android apps to Burp via HTTP Toolkit

* Added connecting Burp via HTTP Tookit

* minor markdown fixes

* add final newline

* reduce size

---------

Co-authored-by: Carlos Holguera <[email protected]>
  • Loading branch information
@umair-villanio @cpholguera
umair-villanio and cpholguera authored Sep 28, 2024
1 parent b856709 commit 50c2542
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions techniques/android/MASTG-TECH-0109.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,3 +84,30 @@ There are generally two approaches to this: **reFlutter** and **Frida**.
```
5. Start intercepting traffic.
## Intercepting Traffic using HTTP Toolkit
If the above methods don't work, you can try using HTTP Toolkit, which provides another way to intercept Flutter HTTPS traffic.
1. **Install HTTP Toolkit**
- You can download it from [here](https://httptoolkit.com/).
2. **Configure HTTP Toolkit**
- Turn on the Android device and make sure it's connected to your machine.
- Go to HTTP Toolkit and select one of these options:
- `Intercept > Android App via Frida` (experimental)
- `Intercept > Android Device via ADB` (for better results)
- Accept the connection request that will pop up on your Android device.
3. **Proxy HTTP Toolkit Traffic through Burp Suite**
- In HTTP Toolkit, go to `Settings > Connection Settings`.
- Set the proxy option as `Use an HTTP Proxy`.
- Enter the Burp Suite machine's IP and port (e.g., `192.168.8.2:8080`, `127.0.0.1:8082`) under the HTTP host proxy details and save it.
- Add the Burp certificate to Trusted CA Certificates.
4. **Configure Burp Suite**
- In Burp Suite, go to `Proxy > Options > Proxy Listeners > Add`.
- Enter the port number configured in HTTP Toolkit settings.
- Select `All Interfaces` and save the configuration.
5. **Start Intercepting Traffic**

0 comments on commit 50c2542

Please sign in to comment.