Viewing the HTTP traffic from your mobile browsers doesn’t take that long to set up, but there are a few gotchas to be aware of:
- You need to find the right IP address on your desktop
- You need to change your proxy settings on your phone
- Make sure your proxy allows external connections
- Make sure both Mobile Device and Proxy Machine are on the same network
The setup I normally use:
- Phone connected to wifi network
- Windows Desktop connected to same network via wired connection (or laptop connected via wireless)
As an example, using Fiddler as the debug proxy, on the desktop:
- Start Fiddler
- Check that Fiddler has “Allow remote computers to connect” (via Tools Fiddler Options Connections)
- Start a command prompt and use “ipconfig” to show you the current list of ip addresses for you computer
On the mobile device, details below are for android (but the principle is the same for other operating systems):
- Open Settings
- Wi-Fi settings
- Long press on the wireless network you are using to access the connection settings
- Modify Network Config
- Proxy Settings - Manual
- change the Proxy HostName to the IP Address of your desktop
- Add the port for your debug proxy e.g. 8888 for Fiddler
Then your browser should be connecting to the proxy.
Other applications may not use the proxy in this way. You might need to setup port forwarding use adb to feed them through to your proxy (don’t leave comments asking how to do this check on google. I haven’t had to do this for some time so my memory of hacking around on the android device to get it working is hazy.)
On Android: Chrome, Firefox, Dolphin and the inbuilt browser all worked without issue. I had some hassle connecting Opera, but didn’t try and diagnose why.
Try it and see how you get on.
It makes a big difference to the visibility of your testing when working through mobile.
- For burpsuite, in “Proxy Options” edit the proxy listener to Bind to address “All interfaces”