While testing mobile applications, we need to set up a proxy to monitor the app's requests behind the pretty GUI. This article will show you how to set up a Burp Suite Proxy to work with an Android emulator.
We are using a Pixel 4 AVD image with Playstore enabled for this tutorial.
Select Android 11 (API 30) as a system image.
If you have burp installed, go to the Proxy tab and then click Options.
Under Proxy Listeners, click the Add button to create a new proxy listener. Choose the port you desire and click ok.
Now, we will export the CA certificates from burp.
Under the same tab, click on the "Import / export CA certificate" button.
Export it as DER format but save it with the .crt extension.
On your emulator, click on the ... icon, then go to Settings.
Under the Proxy tab, configure the following settings, then click apply.
💡 Make sure the port number in the emulator is the same as in your burp settings.
To transfer the certs into your device for installation, you can simply drag and drop the .crt certificate into the emulator, or you can use adb to push the file to the AVD.
Once you transfer the certificate, go to Settings > Security > Encryption & Credentials. Then click on the "Install certificates from SD card" option.
Select the Certificate file. If you dragged and dropped the file, it will be under /sdcard/Downloads.
Once installed, you can check your certificate under the Trusted credentials tab.
With this, you can start browsing the web through chrome and fill up the request in burp.
But we are not done yet. From Android 7 and upwards, Android uses 2 different Trust Stores, the user trust store and the system trust store. Chrome is one of the few apps that trust custom root CA certificates installed by the user. However, unlike chrome, most apps nowadays don't trust the certificates that are not from the System Trust Store.
We will have to inject our CA cert into the System Trust Store to solve this. There are various ways to do this, but one of the easiest ways is to use magisk and a module.
‼️Security Caution:
The script below is an Open Source Tool developed by newbit. Running unknown script on your system is often dangerous and is discouraged. The source code of this
script is available on Github for you to audit yourself, but running opensource scripts and tools is a matter of trust. They can be changed at any given time to
contain malicious code that can collect your data or do anything nefarious with your system. Continue at your own risk as any actions and activities related to
the material contained within is solely your responsibility. We will not be held responsible in the event any damages is incurred.