Setup:
Raspberry Pi 3 with the wlan0 interface acting as an Access Point (192.168.2.0/24) and eth0 (192.168.1.0/24) for the default gateway to the Internet. The Pi has iptables PREROUTING rules configured to forward web (port 80, 443) traffic to Burp Proxy running on my PC (on the eth0 subnet). I connect my Android phone (on version 9) to the Access Point (AP) and all web traffic is redirected to the Proxy.
Certificates:
I downloaded the Burp certificate and installed it on my Android phone (after changing the extension).
I can access HTTP traffic just fine. I am having certificate errors for HTTPS traffic. My browsers (Brave, Chrome, Firefox) are showing a cert error: NET::ERR_CERT_COMMON_NAME_INVALID. On investigating, I found that the SAN (Subject Alt Name) should be set in self-signed certificates to make browsers trust it. I saw various answers on Stack Overflow explaining how to generate such a certificate using OpenSSL. I generated one and imported it into Burp as well as my Android.
However, for HTTPS traffic I get the same error.
I tried using the Facebook app. Even the app is not able to load any data. On doing a packet capture I found that while the TLS negotiation is taking place, it gets a cert error which says (Alert: Fatal - Unknown CA).
What am I missing?
I am more interested in getting the Facebook app to trust this certificate and inspecting the traffic in Burp. Please advise.