I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application to go through a proxy, but sometimes that might not be the most convenient way. What if the application implements root or jailbreak detection? While it might be easily defeated, it can sometimes take several days to bypass, or you may be testing on a device that cannot be rooted or jailbroken. What if you wanted to proxy the traffic of that Wi-Fi connected IoT lightbulb that has no ability to set any proxy settings?
After running into this issue a few times, I realized that this would be a great use of my WiFi Pineapple! However, some quick digging around in the settings and available modules did not reveal any options to get my web traffic flowing to Burp Suite. Taking to Google for the answer revealed that I was not alone in my search.
Unfortunately, all of the information I found pointed to running some manual commands on the Pineapple to enable IP forwarding and setting up some firewall rules using iptables.
I didn’t dust off the Pineapple to use the CLI – I wanted to be lazy and flip a switch in a GUI. So, I decided to put together a simple module that would allow me to easily enable or disable the forwarding of web traffic to Burp Suite (or any other proxy tool).
Proxy Helper Module
The Proxy Helper module is a simple module that will automatically configure the Pineapple for IP forwarding and set up the necessary rules. When enabled, it will make a temporary firewall ruleset backup, and when disabled, it will clear out the proxy rules and restore the temporary backup. Additionally, it provides an option to create and manage manual firewall ruleset backups in the event that something goes wrong, that way you do not lose any custom configuration you may have.
If you are already familiar with getting your Pineapple up and running, you can skip this section. Before we jump into using the Proxy Helper, let’s make sure you have your Pineapple configured and connected to the Internet.
Use the Hak5 Internet connection sharing script to get your Pineapple connected to the Internet by following the guided setup. It will walk you through a few questions and then create the necessary rules for you.
Once the script has completed the setup, devices connected to your Pineapple’s Wi-Fi should have an Internet connection. A quick way to check that it is working is to attempt to load the Hak5 news bulletins from the Pineapple’s dashboard. If they load successfully, you should be good to go!
Take note of your assigned IP address on the WiFi Pineapple interface (usually 172.16.42.42). You will need this later when configuring Proxy Helper and Burp Suite.
Installing Proxy Helper
We will be submitting the module for inclusion in the official WiFi Pineapple module repository, but until it has been approved, you can download the module from our GitHub repo.
Download and unzip the file proxy_helper-master.zip and copy the ProxyHelper folder to /pineapple/modules on the Pineapple.
You should now see Proxy Helper listed under the installed modules in your Pineapple after refreshing the webpage.
Optional: Creating a Manual Firewall Rule Set Backup
While it should not be necessary, you can create a manual backup of your firewall rule set in case something goes wrong. It is recommended to do this before you start the proxy to get a snapshot of any custom rules you may have created.
To create a manual backup, simply click on the backup button and it will be available in the list below.
You can view the backup to inspect the rules, restore the backup if something goes wrong, or remove the backup if it is no longer required.
The backups are stored under the /pineapple/modules/ProxyHelper/backups directory. You could copy a backup somewhere outside of the module’s directory such as /root/ for safe keeping if you like. This way, you can save a “golden image” for your firewall rules that will survive even if you remove the Proxy Helper module.
Configuring Burp Suite
With the module installed, let’s get Burp Suite set up to proxy the web traffic passing through the Pineapple. Open up Burp Suite and navigate to Proxy > Options and go to the Proxy Listeners section to edit the proxy, then select the address that was assigned on the Pineapple’s interface (usually 172.16.42.42).
Next, switch over to the request handling tab, enable invisible proxying, and click OK.
Using Proxy Helper
With Burp Suite configured, we are now ready to start the Proxy Helper. Fill out the proxy settings using the IP address and port from your Burp Suite listener, then click on the “Stopped” button to start the proxy.
If everything was successful, the button will switch to a green “Started” and you should get a notification that the proxy was successfully started.
You should now see traffic flowing through Burp Suite for any devices that are connected to the Pineapple.
If you do not see any traffic, you may need to install Burp Suite’s Certificate Authority on the device. Additionally, some mobile applications may implement certificate pinning, which would still prevent the traffic from being intercepted. If that is the case, you could use a tool such as Objection to bypass certificate pinning for both Android and iOS. Additionally, SSL Kill Switch 2 is another option for jailbroken iOS devices.
If you have any issues, please feel free to report it on the GitHub repo. Additionally, you can find me hanging out in the TrustedSec Discord if you have any questions or suggestions!