Bypass Burp Suite Interception

TL;DR

Burp Suite is a powerful tool for web security testing, but sometimes applications detect its presence and refuse to work correctly. This guide explains common bypass techniques.

1. Understand the Detection Methods

Applications can detect Burp Suite in several ways:

  • Certificate Pinning: The app only trusts specific SSL certificates, rejecting Burp’s proxy certificate.
  • Out-of-Band (OOB) Checks: The app checks if it’s running inside a known testing environment or detects unusual network behaviour.
  • Browser Fingerprinting: The app identifies characteristics of the browser and its extensions, including Burp Suite.
  • IP Address Blacklisting: The app blocks requests from Burp’s IP address.

2. Certificate Pinning Bypass

If certificate pinning is enabled, you need to bypass it. Here are a few approaches:

  1. Dynamic Analysis: Use tools like Frida or Objection to hook the SSL/TLS functions and modify the certificate validation process. This requires advanced knowledge of reverse engineering and mobile app internals.
  2. Pinning Weaknesses: Look for vulnerabilities in the pinning implementation (e.g., weak hashing algorithms, improper key handling).
  3. MITM with Trusted Certificates: If possible, configure Burp Suite to use a certificate trusted by the application. This is often difficult but can work if the app accepts self-signed certificates or has a lenient trust store.

3. Out-of-Band (OOB) Checks Bypass

Bypassing OOB checks requires identifying and manipulating the code responsible for these checks.

  1. Identify the Check: Use dynamic analysis or static analysis to locate the code that performs OOB checks. Look for calls to system functions related to environment detection (e.g., checking for debuggers, emulators).
  2. Patch the Code: Modify the code to disable or bypass the OOB checks. This can be done using tools like Frida, Xposed Framework (Android), or by patching the application binary directly.
  3. Spoof Environment Variables: If the app relies on environment variables, try spoofing them to mimic a legitimate environment.

4. Browser Fingerprinting Bypass

Browser fingerprinting is harder to bypass completely but can be mitigated.

  1. Use Multiple Browsers: Try using different browsers with minimal extensions.
  2. Modify Browser Headers: Use Burp Suite’s header manipulation feature to modify browser headers and make them appear more legitimate. Be careful not to introduce inconsistencies that could raise suspicion.
  3. Disable or Remove Extensions: Disable any unnecessary browser extensions, especially those related to security testing.
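
The inconsistencies mentioned in step 2 are what a server-side fingerprint check looks for. The following is an added example, not code from the original article: a heuristic that compares the User-Agent with Chromium client hints. The function name and the sample headers are constructed for illustration, and it assumes requests arrive over HTTPS, where Chromium sends these hints.

```python
import re

# User-Agent platform token -> value a Chromium browser reports in
# Sec-CH-UA-Platform. Order matters: Android User-Agents also contain "Linux".
PLATFORM_TOKENS = [("Android", "Android"), ("Windows NT", "Windows"),
                   ("Macintosh", "macOS"), ("CrOS", "Chrome OS"), ("Linux", "Linux")]

def header_inconsistencies(headers):
    """Return reasons a request's headers contradict each other (hypothetical helper)."""
    h = {k.lower(): v for k, v in headers.items()}
    ua = h.get("user-agent", "")
    hints = h.get("sec-ch-ua")
    findings = []
    ua_major = re.search(r"Chrome/(\d+)", ua)
    if ua_major:  # Chromium-family User-Agent
        if hints is None:
            findings.append("Chromium User-Agent without Sec-CH-UA")
        else:
            hint_major = re.search(r'"Chromium";v="(\d+)"', hints)
            if not hint_major or hint_major.group(1) != ua_major.group(1):
                findings.append("Sec-CH-UA version differs from User-Agent")
        expected = next((p for tok, p in PLATFORM_TOKENS if tok in ua), None)
        claimed = h.get("sec-ch-ua-platform", "").strip('"')
        if expected and claimed and claimed != expected:
            findings.append(f"platform hint {claimed!r} but User-Agent implies {expected!r}")
    elif "Firefox/" in ua and hints is not None:
        # Firefox does not send User-Agent client hints
        findings.append("Firefox User-Agent with Chromium-only Sec-CH-UA")
    if "accept-language" not in h:
        findings.append("no Accept-Language header")
    return findings

# Constructed sample requests, not captured traffic.
CONSISTENT = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "Sec-CH-UA": '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
    "Sec-CH-UA-Platform": '"Windows"',
    "Accept-Language": "en-GB,en;q=0.9",
}
# Same request with only the User-Agent rewritten: the hints no longer match.
EDITED_UA = {**CONSISTENT, "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
             "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"}

if __name__ == "__main__":
    for name, sample in (("consistent", CONSISTENT), ("edited UA", EDITED_UA)):
        print(name, header_inconsistencies(sample))
```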

5. IP Address Blacklisting Bypass

If the application blocks your IP address, you can try these methods:

  1. Use a VPN or Proxy: Use a different VPN or proxy server to change your IP address.
  2. Rotate IPs: Rotate through multiple IP addresses using a pool of proxies.
  3. Tor Network: Use the Tor network, but be aware that it can significantly slow down your connection speed.

6. Burp Suite Configuration Tips

  • Invisible Proxy: Enable ‘Transparent proxying’ in Burp Suite to avoid modifying HTTP headers unnecessarily.
  • Streamlined SSL Settings: Configure Burp Suite’s SSL settings carefully, ensuring it uses a compatible certificate and protocol version.
  • Burp Collaborator Client: Use the Burp Collaborator client to detect OOB checks.