How to intercept Paytm Android App Network Traffic using Burp and Frida?

Viral Vaghela
4 min read · Sep 3, 2023


Paytm, which stands for “Pay Through Mobile,” is an Indian digital payment and financial services platform. It was founded in 2010 by Vijay Shekhar Sharma and is headquartered in Noida, India. Paytm initially started as a mobile recharge and bill payment platform but has since expanded its services to become a comprehensive digital financial ecosystem.

In this blog I will show you how to intercept Paytm's network traffic and read its HTTPS requests in plain text.

Tools required

  1. Burp Suite
  2. Memu Android Emulator
  3. Frida Server

First, download the MEmu emulator (MEmu — The Best Android Emulator for PC — Free Download (memuplay.com)) and Burp Suite (Download Burp Suite Community Edition — PortSwigger), then download the Frida server from Releases · frida/frida (github.com). You also need frida-tools and a few Python packages on your PC; run the following:

python -m pip install Frida
python -m pip install objection
python -m pip install frida-tools

Once everything is installed, let's configure the Burp proxy in the emulator.

Open CMD / terminal and run

ipconfig

Note the IPv4 address, copy it, and open the Wi-Fi settings in the emulator.

Set the proxy host to that IPv4 address and the port to 8080 (or any port you prefer). Now start Burp Suite, open the Proxy settings and add a listener bound to the same IPv4 address and port.

Click OK and save it. Next, download the Burp CA certificate inside the emulator and install it on the Android device.

Open Google Chrome in the emulator and type

http://burp

Click CA Certificate to download it. Then go to the /Downloads directory and change the file extension from .der to .cer.

Go to Settings and search for Certificate; you will find the option “Install Certificates — Wi-Fi Preferences”. Click it and install the certificate file, so the browser no longer shows HTTPS errors.

Now let's set up the Frida server in the emulator.

Push the Frida server into /data/local/tmp

adb push SERVER_FILE /data/local/tmp

Push the CA certificate

adb push CERTIFICATE_FILE /data/local/tmp/cert-der.crt

We also need an SSL-unpinning script to bypass Paytm's SSL pinning; download the .js file (frida-multiple-unpinning.js) from Frida CodeShare.

Now run the Frida server (it needs root, so open a root shell first and make the binary executable)

adb root
adb shell
cd /data/local/tmp/
chmod 755 ./frida-server-16.1.3-android-x86_64
./frida-server-16.1.3-android-x86_64

Once it is running, turn on Intercept in Burp Suite.

Keep the server running in one terminal, open another terminal, and run the following command to list all packages and apps installed on the Android emulator

frida-ps -Uai

Copy the package name

and run the following command to launch the Paytm application with the unpinning script loaded:

frida -U -f net.one97.paytm -l frida-multiple-unpinning.js --pause

Once the application starts, enter %resume in the Frida REPL, and Boom!!!

You will be able to see the app's network traffic in Burp Suite.

Why MEmu and not other emulators?

Because the Paytm app is checking for the x64 ARM architecture. I have also tried Nox, where the app crashes, but MEmu can run x64 ARM apps. Also make sure Root Mode is set to Off in Emulator Settings.

If you have any questions, feel free to comment below or connect with me on

Linkedin: https://www.linkedin.com/in/viralv/

GitHub: https://github.com/viralvaghela/
