Capturing the Naughty App Traffic in Burp Suite
While pen-testing a banking app we ran into the challenge of capturing its traffic in Burp. The app, being naughty, was bypassing the Burp proxy and we were not able to capture the requests/responses.
Reversing the app, we found it was built on Xamarin, whose networking stack does not honour the device's proxy settings. To proceed with the pentest it was important to capture the requests in the Burp proxy.
Then we came across the following link (big thanks for this):
And it did work!
Just keeping the steps here for my notes.
Step 1: Switch off the Wi-Fi of the MacBook and connect it to your phone's hotspot, either by USB cable or by Bluetooth. Not by Wi-Fi!
Step 2: Go to System Preferences --> Sharing --> turn on Internet Sharing. See the pic. The internet the MacBook gets from the phone hotspot is shared by the MacBook, which starts its own Wi-Fi hotspot!
Step 3: Now a command needs to be run to tell the MacBook to route the traffic it receives through Burp. Open a root shell on your MacBook and run the following command:
sh-3.2# echo "rdr pass on bridge100 inet proto tcp from any to any -> 127.0.0.1 port 8080" | pfctl -ef -
This adds a rule which you can check using the command:
sh-3.2# pfctl -s nat
The rule will look like:
rdr pass on bridge100 inet proto tcp all -> 127.0.0.1 port 8080
Step 4: Now connect your phone (with the naughty app you want to test) to the Wi-Fi hotspot started by the MacBook.
Fire up your Burp and you should be able to capture the app's requests!
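The pf part of Steps 3 and 4 wrapped into a small script, as an added example that is not from the original post or the linked article. It builds the same rdr rule, loads it with pfctl, verifies it is active by looking for the form pfctl prints back (pfctl rewrites "from any to any" as "all", which is why the rule shown by pfctl -s nat differs from the one typed in), and flushes it again when testing is done. It assumes Internet Sharing has created bridge100, that Burp listens on 127.0.0.1:8080, and that apply/check/remove are run as root; the script name burp-redirect.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post: manage the pf redirect rule
# that sends the phone's TCP traffic on the Internet Sharing interface to Burp.
# Assumptions: interface bridge100 (created by macOS Internet Sharing), Burp
# listening on 127.0.0.1:8080, and root privileges for apply/check/remove.

IFACE="${IFACE:-bridge100}"      # interface created by Internet Sharing
BURP_PORT="${BURP_PORT:-8080}"   # Burp proxy listener port

# Build the rdr rule exactly as typed in Step 3, for a given interface and port.
build_rdr_rule() {
    printf 'rdr pass on %s inet proto tcp from any to any -> 127.0.0.1 port %s\n' "$1" "$2"
}

# Check whether the text of "pfctl -s nat" output (passed as $1) contains the
# rule for interface $2 and port $3. pfctl prints "from any to any" as "all".
rule_present() {
    printf '%s\n' "$1" | grep -Fq "rdr pass on $2 inet proto tcp all -> 127.0.0.1 port $3"
}

# Load the rule from stdin and enable pf (same as "echo ... | pfctl -ef -").
apply_rule() {
    build_rdr_rule "$IFACE" "$BURP_PORT" | pfctl -ef -
}

# Verify the rule is really active; fail loudly if pf did not take it.
check_rule() {
    if rule_present "$(pfctl -s nat)" "$IFACE" "$BURP_PORT"; then
        echo "redirect active: $IFACE tcp -> 127.0.0.1:$BURP_PORT"
    else
        echo "redirect rule NOT loaded on $IFACE" >&2
        return 1
    fi
}

# Flush the NAT (rdr) rules once testing is done so the phone's traffic is no
# longer sent to Burp; pf itself stays enabled.
remove_rule() {
    pfctl -F nat
}

case "${1:-}" in
    apply)  apply_rule && check_rule ;;
    check)  check_rule ;;
    remove) remove_rule ;;
    *)      echo "usage: $0 apply|check|remove" >&2 ;;
esac
```

Run it as root (sudo sh burp-redirect.sh apply) after Internet Sharing is on and before connecting the phone, and use the check mode if requests still do not appear. Since the app is not proxy-aware, the redirected connections arrive at Burp as plain requests rather than proxy-style ones, so the Burp listener on 127.0.0.1:8080 needs invisible proxying enabled (Proxy listener settings, request handling) to handle them.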