How to configure Burp Suite proxy with an Android emulator?
I wrote this article because there is little information on the topic (even on the official Burp website), so I hope it helps you. Here you will find information that will allow you to test and modify the network traffic of any mobile application.
I assume you already have an Android emulator set up. If you haven’t set up an Android emulator yet, or are curious about how to do it without Android Studio, check out this article.
How to run Android Emulator without Android Studio?
1. Export CA Certificate from Burp
- Open Burp, go to the Proxy > Options tab, and click Import / export CA certificate.
- Select the DER certificate format and save it as cacert.der.
2. Prepare the certificate before moving it to the Android device.
In this step, we need to change the certificate format and name it appropriately. OpenSSL is required for this step.
- Open a terminal in the directory where the certificate was saved and run the command below to change its format.
openssl x509 -inform DER -in cacert.der -out cacert.pem
- Now we need to get the issuer hash value of the certificate. You can obtain this information with the following command.
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
- Let’s assume the output of the previous command is 9a5ba575. Now rename the certificate to this value and add the .0 extension.
mv cacert.pem 9a5ba575.0
3. Move the certificate into the system certificates.
Trusted Certificate Authorities are stored in /system/etc/security/cacerts on the Android system.
- Start your Android Emulator with the -writable-system flag. I recommend using an API version < 29 of the emulator system due to issues with write permission to
emulator -avd VirtualDeviceName -writable-system
- Restart adb as root.
- To get write access to
- Push the previously prepared certificate to system certificates and add appropriate permissions.
adb push 9a5ba575.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/9a5ba575.0"
- The last step is to reboot the device.
Now you should be able to see the PortSwigger trusted CA on your device in “Settings -> Security -> Trusted Credentials”.
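Steps 2 and 3 combined into one script, as an added example that is not part of the original article. It assumes adb and openssl are on PATH and the emulator was started with -writable-system; the function names are hypothetical, and adb root, adb remount and adb reboot are standard adb commands used where the steps above do not show theirs.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes adb and openssl are on
# PATH and the emulator was started with -writable-system.
CACERTS_DIR=/system/etc/security/cacerts

# Print the file name Android expects for a DER certificate: <subject_hash_old>.0
android_ca_name() {
    h=$(openssl x509 -inform DER -subject_hash_old -noout -in "$1") || return 1
    # The hash becomes part of a path on the device: accept 8 hex digits only.
    case "$h" in
        ""|*[!0-9a-f]*) echo "unexpected hash: $h" >&2; return 1 ;;
    esac
    [ "${#h}" -eq 8 ] || { echo "unexpected hash length: $h" >&2; return 1; }
    printf '%s.0\n' "$h"
}

# Convert, push, fix permissions, reboot, then confirm the file is in place.
install_burp_ca() {
    name=$(android_ca_name "$1") || return 1
    tmp=$(mktemp -d) || return 1
    openssl x509 -inform DER -in "$1" -out "$tmp/$name" || { rm -rf "$tmp"; return 1; }
    # `adb root` and `adb remount` are assumed here: the article's steps
    # "Restart adb as root" and "get write access" do not show their commands.
    adb root && adb wait-for-device && adb remount &&
        adb push "$tmp/$name" "$CACERTS_DIR/$name" &&
        adb shell "chmod 664 $CACERTS_DIR/$name" &&
        adb reboot && adb wait-for-device
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || { echo "install failed (adb exit $rc)" >&2; return 1; }
    # Post-reboot check: the certificate must still be in the system store.
    adb shell "ls $CACERTS_DIR/$name" >/dev/null || return 1
    echo "installed $CACERTS_DIR/$name"
}

# Run only when a certificate path is given, e.g.: sh install_burp_ca.sh cacert.der
if [ "$#" -gt 0 ]; then install_burp_ca "$1"; fi
```

The hash check matters because the value is used unquoted in a device path; anything other than eight lowercase hex digits stops the script before adb is called.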
4. Configure proxy.
- Configure your proxy by entering the virtual device settings in the GUI under “Settings > Proxy”.
- Another method is to start the emulator with the -http-proxy option:
emulator -avd VirtualDeviceName -writable-system -http-proxy 127.0.0.1:8080
Remember that you always have to start the emulator with the -writable-system option in order to use your certificate and make the proxy work correctly.
I hope this helped you set up the Burp proxy with an Android emulator. You can use this tutorial to similarly configure other proxies, e.g. OWASP ZAP or mitmproxy. Happy testing!