How to configure Burp proxy with an Android emulator?

How to configure Burp Suite proxy with an Android emulator?

1. Export CA Certificate from Burp

  • Open burp and go to Proxy > Options tab and then click Import / export CA certificate.
Export certificate in DER format
  • Select DER format of certificate and save it as cacert.der
Save burp certificate as cacert.der

2. Prepare the certificate before moving to Android device.

  • Open terminal in the directory where the certificate has been saved and then run the below command to change its format.
openssl x509 -inform DER -in cacert.der -out cacert.pem
  • Now we need to get the issuer hash value of the certificate, you can obtain this information with the following command.
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
  • Let’s assume the output of the previous command is 9a5ba575, now you have to rename the certificate to this value and add .0 extension.
mv cacert.pem 9a5ba575.0

3. Move certificate info system certificates.

  • Start your Android Emulator with -writable-system flag. I recommend to use API version < 29 of the emulator system due to issues with write permission to /system.
emulator -avd VirtualDeviceName -writable-system
  • Restart adb as root.
adb root
  • To get write access to /system run command:
adb remount
  • Push the previously prepared certificate to system certificates and add appropriate permissions.
adb push 9a5ba575.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/9a5ba575.0"
  • The last step is to reboot the device.
adb reboot
PortSwigger CA Certificate Android
PortSwigger Trusted CA

4. Configure proxy.

  • Configure you proxy by entering virtual device setting in GUI “Settings > Proxy”.
Android Emulator Proxy Configuration for Burp Suite.
  • Another method is to start the emulator with -http-proxy option
emulator -avd VirtualDeviceName -writable-system -http-proxy 127.0.0.1:8080

Summary

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
secabit

secabit

Hacker and an engineer interested in networks, electronics, programming, and many others.