How to intercept Paytm Android App Network Traffic using Burp and Frida?
Paytm, which stands for “Pay Through Mobile,” is an Indian digital payment and financial services platform. It was founded in 2010 by Vijay Shekhar Sharma and is headquartered in Noida, India. Paytm initially started as a mobile recharge and bill payment platform but has since expanded its services to become a comprehensive digital financial ecosystem.
In this blog I will show you how to intercept Paytm's network traffic and read its HTTPS requests in plain text.
Tools required
- Burp Suite
- MEmu Android Emulator
- Frida Server
First download the emulator from MEmu — The Best Android Emulator for PC — Free Download (memuplay.com) and Burp from Download Burp Suite Community Edition — PortSwigger, then download the Frida server from Releases · frida/frida (github.com). Pick the frida-server build that matches the emulator's ABI (x86_64 for MEmu) and the same version as the Frida Python package you install, because client and server versions must match. You also need frida-tools and a few Python packages on your PC, so run the following:
python -m pip install frida
python -m pip install objection
python -m pip install frida-tools
Once everything is installed, let's point the emulator at the Burp proxy.
Open CMD / terminal and run
ipconfig
Note the IPv4 address of your PC and copy it. Then open the Wi-Fi settings in the emulator, long-press the connected network, choose Modify network, set Proxy to Manual, and enter that IPv4 address as the proxy hostname.
Set the port to 8080, or any other port you prefer. Now start Burp Suite, open the Proxy settings, and add (or edit) a proxy listener bound to the same IPv4 address and port (or to all interfaces). The default listener on 127.0.0.1 is not reachable from inside the emulator.
Click OK and save. Next we need to download the Burp CA certificate inside the emulator and install it on the Android device.
Open Google Chrome in emulator, and type
http://burp
Click CA Certificate to download it. The file lands in the Download directory with a .der extension; rename it to .cer so the Android certificate installer accepts it.
Go to Settings, search for Certificate, and open "Install certificates" (listed under Wi-Fi preferences, or under Encryption & credentials, depending on the Android version). Install the certificate file. This adds the Burp CA to the user certificate store, so the browser no longer shows HTTPS errors. Note that apps targeting Android 7 (API 24) or later do not trust user-installed CAs by default, and Paytm additionally pins its certificates, which is why Frida is still needed for the app itself.
Now let's set up the Frida server in the emulator.
Push Frida server into /data/local/tmp
adb push SERVER_FILE /data/local/tmp
Push the CA certificate as well. Keep this exact filename and path, because some CodeShare bypass scripts (for example the Universal Android SSL Pinning Bypass) load the Burp CA from /data/local/tmp/cert-der.crt:
adb push CERTIFICATE_FILE /data/local/tmp/cert-der.crt
We also need an SSL bypass script to defeat Paytm's certificate pinning. Download the .js file from Frida CodeShare (frida-multiple-unpinning.js is used below).
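To show what such a bypass script actually does, here is a minimal pinning bypass written against Frida's JavaScript API. This is an added example, not the frida-multiple-unpinning.js script from CodeShare (which hooks many more libraries) and not Paytm's code. It assumes the Burp CA was pushed to /data/local/tmp/cert-der.crt as above, and that the app trusts certificates through the platform TrustManager, an SSLContext it initialises itself, and/or OkHttp3's CertificatePinner; the hook names and the selectAvailable helper are my own.

```javascript
// Added example: minimal Android SSL-pinning bypass for Frida (not the CodeShare script the
// post uses). Assumption: the Burp CA sits at /data/local/tmp/cert-der.crt, as in the post.
'use strict';

const CERT_PATH = '/data/local/tmp/cert-der.crt'; // assumption: same path as the adb push above

// Hook targets, keyed by the class that must exist in the app for the hook to apply.
const HOOK_TARGETS = [
  { name: 'conscrypt-verifyChain', cls: 'com.android.org.conscrypt.TrustManagerImpl' },
  { name: 'okhttp3-certificatepinner', cls: 'okhttp3.CertificatePinner' },
  { name: 'sslcontext-init', cls: 'javax.net.ssl.SSLContext' },
];

// Pure helper: names of the targets whose class `resolve` can load. In Frida, resolve wraps
// Java.use, which throws for classes the app does not bundle; a fake resolver lets the
// selection logic be checked without a device.
function selectAvailable(targets, resolve) {
  const found = [];
  for (const t of targets) {
    try {
      resolve(t.cls);
      found.push(t.name);
    } catch (e) {
      // Library not present in this app; nothing to hook.
    }
  }
  return found;
}

// Build a TrustManager array whose only trust anchor is the Burp CA read from CERT_PATH.
function buildBurpTrustManagers() {
  const CertificateFactory = Java.use('java.security.cert.CertificateFactory');
  const FileInputStream = Java.use('java.io.FileInputStream');
  const KeyStore = Java.use('java.security.KeyStore');
  const TrustManagerFactory = Java.use('javax.net.ssl.TrustManagerFactory');

  const input = FileInputStream.$new(CERT_PATH);
  const ca = CertificateFactory.getInstance('X.509').generateCertificate(input);
  input.close();

  const keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  keyStore.load(null, null);
  keyStore.setCertificateEntry('burp', ca);

  const tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(keyStore);
  return tmf.getTrustManagers();
}

function installHooks() {
  Java.perform(function () {
    const active = selectAvailable(HOOK_TARGETS, (cls) => Java.use(cls));
    console.log('[*] hooks applicable: ' + active.join(', '));

    if (active.includes('sslcontext-init')) {
      // Every SSLContext the app builds gets the Burp-trusting TrustManagers instead of its own.
      const SSLContext = Java.use('javax.net.ssl.SSLContext');
      const burpTms = buildBurpTrustManagers();
      const init = SSLContext.init.overload(
        '[Ljavax.net.ssl.KeyManager;', '[Ljavax.net.ssl.TrustManager;', 'java.security.SecureRandom');
      init.implementation = function (km, tm, rng) {
        console.log('[+] SSLContext.init: replacing app TrustManagers');
        init.call(this, km, burpTms, rng);
      };
    }

    if (active.includes('conscrypt-verifyChain')) {
      // Platform chain validation on Android 7+: returning the untrusted chain unchanged accepts it.
      const TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
      TrustManagerImpl.verifyChain.implementation = function (untrusted, anchors, host, clientAuth, ocsp, sct) {
        console.log('[+] TrustManagerImpl.verifyChain: accepting chain for ' + host);
        return untrusted;
      };
    }

    if (active.includes('okhttp3-certificatepinner')) {
      // OkHttp3 pins by SPKI hash; turning check() into a no-op lets any chain through.
      const CertificatePinner = Java.use('okhttp3.CertificatePinner');
      CertificatePinner.check.overload('java.lang.String', 'java.util.List').implementation =
        function (hostname, peerCertificates) {
          console.log('[+] okhttp3.CertificatePinner.check: skipped for ' + hostname);
        };
    }
  });
}

// Frida defines the Java global; plain Node.js (for example when linting the file) does not.
if (typeof Java !== 'undefined') {
  installHooks();
}
```

Save it as minimal-unpin.js and load it the same way as the CodeShare script (frida -U -f net.one97.paytm -l minimal-unpin.js --pause). The SSLContext hook deliberately trusts only the Burp CA, so connections that do not pass through Burp will fail; that is what you want while intercepting. If the app pins through a library this script does not touch (TrustKit, a hand-rolled TrustManager, a native TLS stack), fall back to the CodeShare script, which hooks many more of them.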
Now run the Frida server. Open a shell on the emulator (MEmu's adb shell normally runs as root; if the prompt shows $ instead of #, run su first), make the binary executable, and start it:
adb shell
cd /data/local/tmp/
chmod 755 frida-server-16.1.3-android-x86_64
./frida-server-16.1.3-android-x86_64
Once it is running, open the Proxy tab in Burp Suite (turn Intercept on, or just watch the HTTP history).
Keep the server running in one terminal, open another, and run the following to list the apps installed on the emulator together with their package names:
frida-ps -Uai
Copy Paytm's package name (net.one97.paytm)
and run the following command to spawn the Paytm application with the unpinning script loaded:
frida -U -f net.one97.paytm -l frida-multiple-unpinning.js --pause
Frida spawns the app suspended; once it is up, type %resume in the Frida REPL and the app continues with the hooks in place.
You will now see Paytm's traffic in Burp Suite. If nothing shows up, check that the frida-server and frida-tools versions match and that the emulator's proxy setting still points at Burp.
Why MEmu and not another emulator?
Because the Paytm app needs 64-bit ARM (arm64) support. I also tried Nox, where the app crashes, but MEmu can run arm64 apps on an x86 host. Also make sure Root Mode is set to Off in the emulator settings.
If you have any questions, feel free to comment below or connect with me on
Linkedin: https://www.linkedin.com/in/viralv/
Github : https://github.com/viralvaghela/