How to configure Burp proxy with an Android emulator?

secabit
Nov 5, 2020

I wrote this article because there is little information on this topic (even on the official Burp website), so I hope it helps you. Here you will find the information you need to test and modify the network traffic of any mobile application.

I assume you already have an Android emulator set up. If you haven’t set up an Android emulator yet, or are curious about how to do it without Android Studio, check out this article.

1. Export CA Certificate from Burp

  • Open Burp, go to the Proxy > Options tab, and click Import / export CA certificate.
    [Figure: Export certificate in DER format]
  • Select the certificate in DER format and save it as cacert.der.
    [Figure: Save Burp certificate as cacert.der]

2. Prepare the certificate before moving it to the Android device.

In this step, we need to change the certificate format and name it appropriately. OpenSSL is required for this step.

  • Open a terminal in the directory where the certificate was saved and run the command below to convert it from DER to PEM.
openssl x509 -inform DER -in cacert.der -out cacert.pem
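  • Now we need the hash value that Android uses as the file name of a system CA certificate. The following command prints it as its first line of output (the -subject_hash_old option outputs the old-style subject hash, which for a self-signed CA such as Burp's is computed over the same name as the issuer).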
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
  • Let’s assume the output of the previous command is 9a5ba575. Rename the certificate to this value and add the .0 extension.
mv cacert.pem 9a5ba575.0

3. Move the certificate into the system certificates.

Trusted Certificate Authorities are stored in /system/etc/security/cacerts on the Android system.

  • Start your Android emulator with the -writable-system flag. I recommend using an emulator system image with API version < 29 because of issues with write permission to /system.
emulator -avd VirtualDeviceName -writable-system
  • Restart adb as root.
adb root
  • To get write access to /system, run:
adb remount
  • Push the previously prepared certificate to the system certificates directory and set the appropriate permissions.
adb push 9a5ba575.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/9a5ba575.0"
  • The last step is to reboot the device.
adb reboot

Now you should be able to see the PortSwigger trusted CA on your device in “Settings -> Security -> Trusted Credentials”.

[Figure: PortSwigger Trusted CA]
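Steps 2 and 3 combined into one script with sanity checks, as an added example that is not part of the original article. The function names prepare_cert and install_cert and the script name are this example's own; it assumes openssl and adb are on the PATH and the emulator is already running with -writable-system.

```shell
#!/bin/sh
# Added example (not from the original article): automates steps 2 and 3.
# prepare_cert, install_cert and the script name are hypothetical.

# prepare_cert DER_FILE [OUT_DIR]: convert to PEM, name it <hash>.0, print the path.
prepare_cert() {
  local der="$1" out_dir="${2:-.}" pem hash
  pem="$(mktemp)" || return 1
  # Fail early if the export is not a DER-encoded X.509 certificate.
  if ! openssl x509 -inform DER -in "$der" -out "$pem" 2>/dev/null; then
    echo "error: $der is not a DER certificate" >&2
    rm -f "$pem"
    return 1
  fi
  # Android names system CA files after the old-style subject hash.
  hash="$(openssl x509 -inform PEM -subject_hash_old -noout -in "$pem")"
  mv "$pem" "$out_dir/$hash.0"
  echo "$out_dir/$hash.0"
}

# install_cert CERT_FILE: push the file to the emulator and confirm it landed.
install_cert() {
  local cert="$1" name dest=/system/etc/security/cacerts
  name="$(basename "$cert")"
  adb root && adb remount || return 1
  adb push "$cert" "$dest/$name" || return 1
  adb shell "chmod 664 $dest/$name"   # same mode as in the article
  # Check before rebooting, so a failed remount is caught here
  # rather than as a missing CA in Trusted Credentials later.
  adb shell "ls -l $dest/$name" || { echo "error: cert missing on device" >&2; return 1; }
  adb reboot
}

# Usage when run with an argument: ./install_burp_ca.sh cacert.der
if [ "$#" -ge 1 ]; then
  cert="$(prepare_cert "$1")" && install_cert "$cert"
fi
```

Because the file name is derived from the certificate itself, the script keeps working if Burp regenerates its CA and the hash changes.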

4. Configure proxy.

  • Configure your proxy in the virtual device's settings GUI under “Settings > Proxy”.
    [Figure: Android Emulator Proxy Configuration for Burp Suite]
  • Another method is to start the emulator with the -http-proxy option.
emulator -avd VirtualDeviceName -writable-system -http-proxy 127.0.0.1:8080

Summary

Remember that you always have to start the emulator with the -writable-system option in order to use your certificate and make the proxy work correctly. I hope I helped you set up the Burp proxy with an Android emulator. You can use this tutorial to configure other proxies in a similar way, e.g. OWASP ZAP or mitmproxy. Happy testing!
