Set up the proxy and point it to your system IP, which is running the Burp proxy either in wireless or the APN settings, which we discussed in Chapter 4, Loading up – Mobile Pentesting Tools.
Now, open the DVIA app and navigate to Menu | Transport Layer Protection | Enter Data | SEND OVER HTTP; you should be able to see the following screenshot on your system that is running the proxy:
Following the preceding steps, if you try to hit SEND OVER HTTPS, you might receive the following error, as shown in this screenshot:
Now, you have to navigate to Settings | SSL Kill Switch and turn on the option for DVIA, as shown in the following screenshot. This will disable the cert pinning on the app.
Now, your proxy should be able receive the SSL requests on your browser without any further issues.
This allows us to manipulate the encrypted traffic between the server and the mobile app channel for more server-side attacks, such as the classic SQL injection...