Most of the applications we pentest respect the system proxy set on the device. There are some exceptions though, like Xamarin (-.-), where the proxy set on the device is ignored, which makes interception harder. By using port forwarding, we can intercept almost any application. Note that the commands mentioned here might vary slightly across operating systems.
- MacBook/Linux machine
- Mobile Device to tether Internet with USB/Bluetooth or dongle (much easier!)
- pfctl/iptables for port forwarding
- Testing device
Basically, we connect the machine we want to intercept from and the testing device to the same interface. The machine's Internet connection can be shared through Bluetooth/USB/Ethernet. The medium does not matter as long as it is not WiFi, because connecting to a WiFi AP while also trying to set up an AP on the same machine causes a conflict. Once we are done with the setup, just forward the machine's traffic to Burp. And, voila!
- Using a mobile device/dongle, tether Internet. Tethering can be done using USB/Bluetooth. WiFi is not preferred because there would be a conflict when we create a hotspot from the Mac.
- Connect the machine to the tethered Internet from System Preferences -> Network
- System Preferences -> Sharing -> Internet Sharing
- Choose 'Share From' accordingly and set 'To Computers Using' to 'WiFi'
- Connect the testing device to the AP created by the MacBook
- From the machine, port forward with this rule in pf.rules:
    rdr pass on bridge100 inet proto tcp from any to any -> 127.0.0.1 port 8080
  Here bridge100 is the interface that is created once we tether.
- Flush the old rules and enable the new rule using
    sudo pfctl -f pf.rules
- In Burp, make sure the proxy listener is bound to 'All interfaces' and 'Support invisible proxying' is enabled from Proxy -> Options -> Edit Proxy Listener -> Request handling
- Install the Burp certificate on your testing device by visiting http://ip:port
- Pwn!
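
The port-forwarding steps above as a small script, added here as an example and not part of the original post. It builds the pf rule for a given interface and port, syntax-checks it with `pfctl -n` before loading, prints the iptables form for a Linux machine, and restores the stock macOS ruleset afterwards. The function names, the `apply`/`iptables`/`restore` arguments and the iptables line are assumptions of this example.

```sh
#!/bin/sh
# Added example: helper names and the apply/iptables/restore arguments are made up.

# Interface and port end up in a rule file that root loads, so accept only
# plain interface names (bridge100, en0, usb0) and ports 1-65535.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pf (macOS): the rule from the steps above, parameterised.
pf_rule() {
    valid_iface "$1" && valid_port "$2" || return 1
    printf 'rdr pass on %s inet proto tcp from any to any -> 127.0.0.1 port %s\n' "$1" "$2"
}

# iptables (Linux): NAT redirect for TCP arriving on the shared interface.
ipt_rule() {
    valid_iface "$1" && valid_port "$2" || return 1
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -j REDIRECT --to-ports %s\n' "$1" "$2"
}

case "${1:-}" in
    apply)      # macOS: sh forward.sh apply bridge100 8080
        rules=$(mktemp) || exit 1
        if pf_rule "$2" "$3" > "$rules"; then
            # -n parses the file without loading it; load only if it parses.
            sudo pfctl -n -f "$rules" && sudo pfctl -f "$rules"
        else
            echo "bad interface or port" >&2
        fi
        rm -f "$rules"
        ;;
    iptables)   # Linux: print the command for review before running it as root
        ipt_rule "$2" "$3" || echo "bad interface or port" >&2
        ;;
    restore)    # macOS: reload the stock ruleset once testing is finished
        sudo pfctl -f /etc/pf.conf
        ;;
esac
```

Run `restore` when the test session ends so the redirect does not stay active on the shared interface.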