While conducting mobile application penetration testing of Windows Phone capturing application traffic will allow penetration tester to modify the traffic and analyze the responses from the server. This is important to understand the behavior of application and to find out possible vulnerabilities in it.
In this blog we will learn how to capture application’s traffic on Windows Phone.
1. Select Proxy tab and under Proxy tab select Option tab. Now click on Add.
2. Enter proxy port (eg. 8080) and select All Interfaces. Now click on OK.
3. Select the Proxy Listener you have created just now.
Capturing Windows Phone Traffic Using Burp Proxy :
1. On Windows Phone navigate to Settings
2. Tap the Setting and select the WiFi
3. After Selecting WiFi all the WiFi Network details will be shown
4. Select the WiFi Network you are connected after selecting the WiFi Network you are connected tap to on the Proxy
5. Under Edit Network enter Proxy IP and Port. (e.g. 10.1.1.132:8080)
6. Now http/https traffic from windows phone can be intercepted. Happy Testing 🙂 🙂 🙂
Author: Snehal Raut
Security Consultant, Varutra Consulting