
Intercept HTTP Traffic of an android app?

I was trying to test and intercept traffic from an app developed on the Rhodes open source framework. I set up a proxy with Burp, and of course I have installed the Burp certificate on my device, hence I can intercept other apps on my device, but I am unable to see the traffic of the app in question, or its link, in Burp Suite. Instead the app works fine and connects to the remote server without any certificate-related error even appearing in the event log of Burp Suite, the way an app using certificate pinning would complain. In reversing the app I concluded that it is using the HTTPS protocol to connect to the server.

Additionally, I have installed the app in the Genymotion emulator and the app behaves differently. When I installed the certificate in the emulator and set up the Burp proxy, all the traffic from other apps appears normally in the proxy except this app. All the app traffic goes to the address 127.0.0.1, which is strange to me. For example, I take an intercepted one below:

http://127.0.0.1:44895

POST /app/Settings/do_pathlogin HTTP/1.1
Host: 127.0.0.1:44895
Content-Length: 65
Accept: */*
Origin: http://127.0.0.1:44895
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; Samsung Galaxy S6 Build/OPR6.170623.017; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/58.0.3029.125 Mobile Safari/537.36
Transition-Enabled: true
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://127.0.0.1:44895/app/Settings/index_callback
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Connection: close

fromPage=login&operation_key=HOME_REP&username=user&password=pass

I don't have any idea why the app is showing this behaviour; on the real device this won't show up, i.e., traffic to the address 127.0.0.1. As other researchers would recommend, I tried to sniff the network traffic of the app with Wireshark and activated the Wireshark capture. I was expecting to sniff it, or even decide whether the app is using UDP protocols, but no traffic from the app appeared!

I wanted some help: how can I capture the traffic of this app?

What am I missing?

What other steps do I need?

I would really appreciate any help about this.

Note: I don't have any bad intentions about the app.

Looking at it, you need to address two things. Firstly, the app is using a library which is non-proxy-aware to communicate with the server. Secondly, when the app is sniffed with Wireshark, of course it encrypts its data, so you need to extract the certificate from the app to view the data in Wireshark. This is tedious work, but it is achievable. Please do your homework. Hope this answer will help.
