Strategies for testing mobile backend

As we have discussed, backend testing is pretty much web application testing, however, there are a few things we need to set up, to be able to see HTTP/HTTPS traffic in our favorite proxy, Burp Suite.

Setting up Burp Suite Proxy for testing

In order to test server-side vulnerabilities present in mobile apps, a proxy is an indispensable tool in a tester's arsenal. There are quite a few ways to configure the proxy based on what network you are using and the availability of an emulator/physical device. In this section, we will explore two such options to configure Burp Suite via Wi-Fi and APNs.

First step in this process is to make our proxy listen on a port, in our case it's 8082:

Go to Proxy | Options from the ...

Get Penetration Testing: A Survival Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Penetration Testing: A Survival Guide by Wolf Halton, Bo Weaver, Juned Ahmed Ansari, Srinivasa Rao Kotipalli, Mohammed A. Imran

Strategies for testing mobile backend

Setting up Burp Suite Proxy for testing

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly