How to configure Burp Suite proxy with an Android emulator?

This article was made because of the little information about it (even on the official Burp website) so hope this article helps you. Here you will find information that will allow you to test and modify the network traffic of any mobile application.

I assume you already have an Android emulator set up. If you haven’t set up an Android emulator yet, or are curious about how to do it without Android Studio, check out this article.

How to run Android Emulator without Android Studio?

1. Export CA Certificate from Burp

• Open burp and go to Proxy > Options tab and then click Import / export CA certificate.

• Select DER format of certificate and save it as cacert.der

2. Prepare the certificate before moving to Android device.

In this step, we need to change the certificate format and name it appropriately. OpenSSL is required for this step.

• Open terminal in the directory where the certificate has been saved and then run the below command to change its format.

openssl x509 -inform DER -in cacert.der -out cacert.pem

• Now we need to get the issuer hash value of the certificate, you can obtain this information with the following command.

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

• Let’s assume the output of the previous command is 9a5ba575, now you have to rename the certificate to this value and add .0 extension.

mv cacert.pem 9a5ba575.0

3. Move certificate info system certificates.

Trusted Certificate Authorities are stored in /system/etc/security/cacerts on the Android system.

• Start your Android Emulator with -writable-system flag. I recommend to use API version < 29 of the emulator system due to issues with write permission to /system.

emulator -avd VirtualDeviceName -writable-system

• Restart adb as root.

adb root

• To get write access to /system run command:

adb remount

• Push the previously prepared certificate to system certificates and add appropriate permissions.

adb push 9a5ba575.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/9a5ba575.0"

• The last step is to reboot the device.

adb reboot

Now you should be able to see the PortSwigger trusted CA on your device in “Settings -> Security -> Trusted Credentials”.

PortSwigger Trusted CA

4. Configure proxy.

• Configure you proxy by entering virtual device setting in GUI “Settings > Proxy”.

• Another method is to start the emulator with -http-proxy option

emulator -avd VirtualDeviceName -writable-system -http-proxy 127.0.0.1:8080

Summary

Remember that you always have to start the emulator with the -writable-system option in order to use your certificate and make proxy working correctly. Hope I helped you setup Burp proxy with Android emulator. You can use this tutorial to similarly configure other proxies, e.g. OWASP ZAP or mitmproxy. Happy testing!