stackoom
  简体   繁体   中英

Unable to intercept Android hybrid application HTTPS traffic using burp suite

 原文  2014-11-19 06:45:04       android/ https/ interception

Question

I am unable to intercept https traffic of one of the android thick client application which I am working. However I am able to intercept https traffic of other applications. This application is made on IBM worklight framework. Please find below logcat logs for the application. 

D/dalvikvm( 1400): WAIT_FOR_CONCURRENT_GC blocked 53ms
W/PluginManager( 1400): THREAD WARNING: exec() call to LoggerPlugin.log blocked
the main thread for 30ms. Plugin should use CordovaInterface.getThreadPool().
W/System.err( 1400): javax.net.ssl.SSLPeerUnverifiedException: Cannot verify hos
tname: <hostname of application>
W/System.err( 1400):    at android.net.SSLCertificateSocketFactory.verifyHostnam
e(SSLCertificateSocketFactory.java:197)
W/System.err( 1400):    at android.net.SSLCertificateSocketFactory.createSocket(
SSLCertificateSocketFactory.java:382)
W/System.err( 1400):    at org.apache.http.conn.ssl.SSLSocketFactory.createSocke
t(SSLSocketFactory.java:375)
W/System.err( 1400):    at org.apache.http.impl.conn.DefaultClientConnectionOper
ator.openConnection(DefaultClientConnectionOperator.java:165)
W/System.err( 1400):    at org.apache.http.impl.conn.AbstractPoolEntry.open(Abst
ractPoolEntry.java:164)
W/System.err( 1400):    at org.apache.http.impl.conn.AbstractPooledConnAdapter.o
pen(AbstractPooledConnAdapter.java:119)
W/System.err( 1400):    at org.apache.http.impl.client.DefaultRequestDirector.ex
ecute(DefaultRequestDirector.java:360)
W/System.err( 1400):    at org.apache.http.impl.client.AbstractHttpClient.execut
e(AbstractHttpClient.java:555)
W/System.err( 1400):    at org.apache.http.impl.client.AbstractHttpClient.execut
e(AbstractHttpClient.java:487)
W/System.err( 1400):    at com.worklight.wlclient.WLRequestSender.run(WLRequestS
ender.java:67)
W/System.err( 1400):    at java.util.concurrent.ThreadPoolExecutor.runWorker(Thr
eadPoolExecutor.java:1080)
W/System.err( 1400):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Th
readPoolExecutor.java:573)
W/System.err( 1400):    at java.lang.Thread.run(Thread.java:856)

However the application is getting intercepted on charles in which I am facing some different issues.
Note: I have already done with the installation of burp certificate in the emulator.

2 answers

solution1
 0  2014-11-27 06:12:02

您可以查看以下问题,其中也报告了非常相同的错误(针对不同的情况): 在SSL环境中使用Cordova filetransfer上传文件时出错 

javax.net.ssl.SSLPeerUnverifiedException: Cannot verify host name: <hostname of application>

solution2
 0  2014-12-15 16:51:31

Check this android bug: https://code.google.com/p/android/issues/detail?id=52738

Is this happening on 4.4?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is burp suite worked for android native application? Burp Suite - Pixel 2 XL (Android P) can't find a way to certificate using Burp Suite API request got intercept by burp suite Connect BURP suite to the Mobile application Sniffing Android Application HTTPS Traffic Android App Retrofit Web Service Request Intercept and Modify Using Burp Suit Attack Fix unable to debug hybrid application on android 4.3 Intercept HTTP Traffic of an android app? Intercept traffic from android app How to intercept mobile traffic on Android?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM