Intercepting and Analyzing Network Traffic with Burp Suite on Genymotion

2 min readNov 4, 2023

As a reverse engineer, security professional or a penetration tester, one of the primary challenges we face is intercepting and analyzing network traffic between Android applications and remote servers. This is where the powerful combination of Genymotion and Burp Suite comes into play. In this blog post, we will delve into the process of how we direct network traffic from Android apps running on Genymotion to the Burp Suite intercepting proxy so that we analyze and tamper with network traffic.

Directing network traffic to Burp Suite is a crucial step in Android security for dynamic network behavior analysis, vulnerability identification, real-time analysis among others.

The concept behind it is rather simple. We need to export the certificate of Burp and import it as a trusted system certificate. Steps and commands are illustrated below.

This work has been supported in part by the Energy Transition Fund of the FPS Economy of Belgium through the CYPRESS project, and in part by the VLAIO COOCK program through the IIoT-SBOM project.

Thanks for reading.

Can Özkan

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by Can Özkan

15 Followers

1 Following

Security Researcher, Penetration Tester, and Reverse Engineer

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

More from Can Özkan

Can Özkan

InsecureBankv2.apk Android Walkthrough

In this blog post, I’ll embark on a comprehensive walkthrough of the InsecureBankv2 Android application, a purposely vulnerable app…

Nov 5, 2023

Damn Insecure Vulnerable Application (diva.apk) Walkthrough

Can Özkan

Damn Insecure Vulnerable Application (diva.apk) Walkthrough

Diva (Damn Insecure and Vulnerable Application), which is a deliberately insecure Android application designed for educational and testing…

Nov 5, 2023

How to Root an Android Device — Google Pixel 5

Can Özkan

How to Root an Android Device — Google Pixel 5

Rooting an Android device, such as your Google Pixel 5, can provide you with elevated privileges and more control over the device’s…

Nov 7, 2023

How to Consume an SBOM through OWASP Dependency Tracker

Can Özkan

How to Consume an SBOM through OWASP Dependency Tracker

In the dynamic landscape of modern software development, transparency, security, and accountability have become paramount. To address these…

Nov 6, 2023

See all from Can Özkan

Recommended from Medium

InfoSec Write-ups

loyalonlytoday

Finding the origin IP part 2

Learn a few techniques to find the origin IP

Mar 6

Interacting With Android Root Privileges (Rooted AVD) — Android CheatEngine Like APP Part 1

snaggy

Interacting With Android Root Privileges (Rooted AVD) — Android CheatEngine Like APP Part 1

In this small Blog I’ll be showcasing my first experience in interacting with android root permissions from within an android app. This…

Dec 5, 2024

Lists

data science and AI

40 stories341 saves

Iski

How Recon → SQLi Made €€€€ Bounty

Hi there…!

Mar 6

182

Mobile Pentesting: Implementing Certificate Pinning with Retrofit/Okhttp3

Vinicius Batistella

Mobile Pentesting: Implementing Certificate Pinning with Retrofit/Okhttp3

Hi, there. I am back here once again.

Feb 25

Android Pentesting: A Complete Guide to Root Detection Bypass

Krunal Patel

Android Pentesting: A Complete Guide to Root Detection Bypass

1. Introduction

Sep 19, 2024

A Real-World Web Application Penetration Testing Story | Small Mistakes Leads to Major Logic Flaws

System Weakness

Onurcan Genç

A Real-World Web Application Penetration Testing Story | Small Mistakes Leads to Major Logic Flaws

Learn how to perform real-world penetration testing approach called Logic Flaws.

Nov 27, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams