pimterry
commented
2 years ago What’s the difference between using http toolkit and burp. Both should work the same way isn’t it?
Hi @luk0y! There's two major differences in how HTTP Toolkit intercepts traffic compared to other similar tools, which could cause this:
- On rooted devices and most emulators, HTTP Toolkit intercepts system certificates, while other approaches only inject user certificates. By default, most apps will only trust system certificates, so injecting user certificates doesn't work unless you edit the app to enable debugging, or unless you're using an app like Chrome that actively allows this.
- HTTP Toolkit uses a VPN app, which manually redirects packets, in addition to setting the device proxy settings. This allows it to redirect more traffic than setting proxy settings alone, as some apps (intentionally or through bugs) will ignore the device's proxy settings to always send traffic directly.
Does that make sense? There's more on how this works under the hood on the blog:
- VPN interception: https://httptoolkit.tech/blog/inspecting-android-http/
- HTTPS interception with system certificates: https://httptoolkit.tech/blog/intercepting-android-https/
Hopefully this explains what was happening for you in #16 as well. There are many many other smaller improvements and tricks that HTTP Toolkit uses to capture more traffic and reliably & easily connect clients, but I think those two are the most likely cause in your case.
(By the way, thanks for sponsoring! I really appreciate the support :+1:)
luk0y
Maybe it’s not the right place to ask this question. I am trying to intercept an android app(it doesn’t have ssl Pinner). I am able to get all the links while using http tool kit but not when trying with burpsuite. Most of the links are not showing in burp. I am sure that it’s not because of the filtering . Kindly help me with it. What’s the difference between using http toolkit and burp. Both should work the same way isn’t it?