Android Pentesting
Hi, I'm getting into Android pentesting and need some guidance on the best setup for intercepting app traffic.
Specifically I'm struggling with:
- Best tools/setup for intercepting HTTPS traffic from Android apps using Burp Suite
- How to bypass SSL pinning on apps that implement it (especially heavily protected apps like games)
- Whether to use a physical device or emulator, and pros/cons of each
- No-root methods vs rooted device — what's actually practical in 2026?
My current setup is Kali Linux on a laptop and a physical Android phone. I can intercept basic browser traffic fine, but I struggle with apps that have SSL pinning or ignore the system proxy.
What would you recommend as the most practical and complete setup for Android app traffic interception and pentesting?