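1. Connect the Android phone and the PC to Wi-Fi on the same network segment, i.e. put both on the same wireless LAN.
2. Check the PC's IP address: run the ipconfig command in cmd.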
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204150803990-1117803939.png)
3. Open Burp Suite and configure a Proxy Listener (Proxy -> Options -> Proxy Listeners -> Add)
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204151149896-1039425975.png)
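Click the "Add" button to set up a new proxy listener. For the address, enter the PC IP address found in the previous step, here 192.168.1.188 (yours will differ), and set the port to 8080.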
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204151430318-1262880544.png)
If SSL sites cannot be accessed, change the certificate setting (Certificate → Use a self-signed certificate)
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204151818318-254836026.png)
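4. Set the encoding (this setting only makes UTF-8 encoded data display correctly; the encoding of a copied text data stream is not actually changed.)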
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204152127787-310502379.png)
5. Passive scanning: Scanner → Live Passive Scanning → Scan everything
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204152332459-1900574886.png)
6. Configure the proxy on the phone
Tap Settings
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204152736771-1150348197.png)
Tap WLAN
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204152923381-1070472193.png)
Long-press the wiredSSID network and tap Modify
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204153132881-144900190.png)
Select "Show advanced options", then enter the PC's IP address and proxy port 8080
![](https://images2015.cnblogs.com/blog/995033/201612/995033-20161204153441506-1685991371.png)
Common problems
1:
Burp proxy error: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
Find jre/lib/security/java.security
Change jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
to jdk.certpath.disabledAlgorithms=
This removes the certificate-path algorithm restrictions for every Java program that uses this JRE.
2:
Burp does not work properly when the browser is launched in sandbox mode.
Testing HTTPS services on Android
https://support.portswigger.net/customer/portal/articles/1841102-Mobile%20Set-up_Android%20Device%20-%20Installing%20CA%20Certificate.html
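An added example (not part of the original post): a Python check that reads a java.security file and reports whether jdk.certpath.disabledAlgorithms has been emptied as in problem 1, so the change can be found and reverted once testing is done. The sample file contents and the function names read_property and audit are constructed for illustration.

```python
import re
import sys

KEY = "jdk.certpath.disabledAlgorithms"

# Constructed sample: the state problem 1 leaves the file in.
WEAKENED = """\
# constructed sample, not a real file
jdk.certpath.disabledAlgorithms=
jdk.tls.disabledAlgorithms=SSLv3, RC4
"""

# Constructed sample: a value split over lines with a properties continuation.
RESTRICTED = """\
jdk.certpath.disabledAlgorithms=MD2, DSA, \\
    RSA keySize < 2048
"""

def read_property(text, key):
    """Return the last value assigned to key in properties-format text, or None."""
    value = None
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.lstrip()
        if not stripped or stripped[0] in "#!":
            continue  # blank line or comment
        # An odd number of trailing backslashes continues onto the next line.
        while (len(stripped) - len(stripped.rstrip("\\"))) % 2 == 1:
            stripped = stripped[:-1] + next(lines, "").lstrip()
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", stripped)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value

def audit(text):
    """Return ('missing' | 'disabled' | 'restricted', list of constraint entries)."""
    value = read_property(text, KEY)
    if value is None:
        return "missing", []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return ("restricted" if entries else "disabled"), entries

if __name__ == "__main__":
    # Usage: python check_certpath.py <path to java.security> [...]
    for path in sys.argv[1:]:
        with open(path, encoding="iso-8859-1") as fh:
            print(path, *audit(fh.read()))
```

A result of "disabled" means the constraint list is empty and the JRE still carries the workaround from problem 1.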