Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure API communications, authentication flaws, data leakage, and server-side vulnerabilities. Use when performing mobile application penetration testing, assessing API security, or evaluating client-server communication patterns. Activates for requests involving mobile traffic interception, Burp Suite mobile proxy, API security testing, or mobile HTTPS analysis.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionintercepting-mobile-traffic-with-burpsuiteExecute the skills CLI command in your project's root directory to begin installation:
Fetches intercepting-mobile-traffic-with-burpsuite from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate intercepting-mobile-traffic-with-burpsuite. Access via /intercepting-mobile-traffic-with-burpsuite in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | intercepting-mobile-traffic-with-burpsuite |
| description | 'Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure API communications, authentication flaws, data leakage, and server-side vulnerabilities. Use when performing mobile application penetration testing, assessing API security, or evaluating client-server communication patterns. Activates for requests involving mobile traffic interception, Burp Suite mobile proxy, API security testing, or mobile HTTPS analysis. ' |
| domain | cybersecurity |
| subdomain | mobile-security |
| author | mahipal |
| tags | - mobile-security - android - ios - burp-suite - traffic-interception - penetration-testing |
| version | 1.0.0 |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - PR.AA-05 - ID.RA-01 - DE.CM-09 |
Use this skill when:
Do not use this skill to intercept traffic from applications you are not authorized to test -- traffic interception without authorization violates computer fraud laws.
Burp Suite > Proxy > Options > Proxy Listeners:
- Bind to address: All interfaces (or specific IP)
- Bind to port: 8080
- Enable "Support invisible proxying"
Verify the listener is active and note the workstation's IP address on the shared network.
Android:
Settings > Wi-Fi > [Network] > Advanced > Manual Proxy
- Host: <burp_workstation_ip>
- Port: 8080
iOS:
Settings > Wi-Fi > [Network] > Configure Proxy > Manual
- Server: <burp_workstation_ip>
- Port: 8080
Android (below API 24):
# Export Burp CA from Proxy > Options > Import/Export CA Certificate
# Transfer to device and install via Settings > Security > Install from storage
Android (API 24+ / Android 7+): Apps targeting API 24+ do not trust user-installed CAs by default. Options:
# Option A: Modify app's network_security_config.xml (requires APK rebuild)
# Add to res/xml/network_security_config.xml:
# <network-security-config>
# <debug-overrides>
# <trust-anchors>
# <certificates src="user" />
# </trust-anchors>
# </debug-overrides>
# </network-security-config>
# Option B: Install as system CA (rooted device)
openssl x509 -inform DER -in burp-ca.der -out burp-ca.pem
HASH=$(openssl x509 -inform PEM -subject_hash_old -in burp-ca.pem | head -1)
cp burp-ca.pem "$HASH.0"
adb push "$HASH.0" /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/$HASH.0
# Option C: Magisk module (MagiskTrustUserCerts)
iOS:
1. Navigate to http://<burp_ip>:8080 in Safari
2. Download Burp CA certificate
3. Settings > General > VPN & Device Management > Install profile
4. Settings > General > About > Certificate Trust Settings > Enable full trust
With proxy configured, open the target app and navigate through its functionality:
Burp Suite > Proxy > HTTP History: Review all captured requests and responses.
Key areas to analyze:
Forward intercepted requests to Repeater for manual testing:
Right-click request > Send to Repeater
Test categories:
- Authentication bypass: Remove/modify auth tokens
- IDOR: Modify user IDs, object references
- Injection: SQL injection, NoSQL injection in parameters
- Rate limiting: Rapid request replay for brute force assessment
- Business logic: Modify prices, quantities, permissions in requests
Right-click request > Do active scan (Professional only)
Scanner checks:
- SQL injection (error-based, blind, time-based)
- XSS (reflected, stored)
- Command injection
- Path traversal
- XML/JSON injection
- Authentication flaws
If traffic is not visible due to certificate pinning:
# Frida-based bypass (generic)
frida -U -f com.target.app -l ssl-pinning-bypass.js
# Objection bypass
objection --gadget com.target.app explore
ios sslpinning disable # or
android sslpinning disable
| Term | Definition |
|---|---|
| MITM Proxy | Man-in-the-middle proxy that terminates and re-establishes TLS connections to inspect encrypted traffic |
| Certificate Pinning | Client-side validation that restricts accepted server certificates beyond the OS trust store |
| Network Security Config | Android XML configuration controlling app trust anchors, cleartext traffic policy, and certificate pinning |
| Invisible Proxying | Burp feature handling non-proxy-aware clients that don't send CONNECT requests |
| IDOR | Insecure Direct Object Reference -- accessing resources by manipulating identifiers without authorization checks |
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
intercepting-mobile-traffic-with-burpsuite reduced setup friction for our internal harness; good balance of opinion and flexibility.
We added intercepting-mobile-traffic-with-burpsuite from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
intercepting-mobile-traffic-with-burpsuite is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Keeps context tight: intercepting-mobile-traffic-with-burpsuite is the kind of skill you can hand to a new teammate without a long onboarding doc.
We added intercepting-mobile-traffic-with-burpsuite from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
intercepting-mobile-traffic-with-burpsuite reduced setup friction for our internal harness; good balance of opinion and flexibility.
intercepting-mobile-traffic-with-burpsuite is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
We added intercepting-mobile-traffic-with-burpsuite from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Keeps context tight: intercepting-mobile-traffic-with-burpsuite is the kind of skill you can hand to a new teammate without a long onboarding doc.
intercepting-mobile-traffic-with-burpsuite fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
showing 1-10 of 34