Burp Suite: Connection to Android Emulator
Summary
This documentation covers the process of downloading Burpsuite. Then we load the Burpsuite certificate into an Android emulator, in order to be able to read the entire communication.
Requirements
- Operating System: Kali Linux
- You must have already done the Android Studio: Emulator documentation
Installation
Install Burpsuite
sudo apt-get install burpsuite
In the community edition, you have to start a new project, which will be deleted when closing.
Go to the Proxy tab -> Proxy settings
In the proxy listener, select the current listener and click edit.
Ensure that "running" is checked.
Choose a port, for example 8080.
Set the "Specific address" to the IP address of your local machine. It will automatically be the second option.
Now you can close the settings.
Device setup
You have two options to configure a proxy on the emulator:
1. Start the emulator with the proxy flag
With this option, it is not possible to turn off the proxy while working with the device. But it is slightly easier to configure.
Use this command to start the device with the Burpsuite proxy:
emulator -avd <DEVICE-NAME> -writable-system -no-snapshot -http-proxy <your-ip-address:port>
Example:
emulator -avd Pixel_6_Pro_API_28 -writable-system -no-snapshot -http-proxy 78.104.160.110:8080
2. Configure the proxy in the wifi settings
With this option, it is possible to quickly disable or change the proxy if necessary.
Go to the settings of your emulator.
Network & internet -> Wi-Fi -> Settings symbol of AndroidWifi -> pencil icon
In the advanced options under proxy, enter your IP address as the proxy hostname and the port as the proxy port.
Import CA certificate
Since Android version 7 (Nougat), most apps won't trust user certificates anymore, but rather require system certificates.
So if the emulator runs an Android version below version 7 (Nougat), it is possible to just import a user certificate.
But if you run a higher version, you need to import it as a system certificate, which is a bit harder to do.
1. User certificate (Android 6 or lower)
In the proxy settings of Burpsuite, click on "Import / export CA certificate".
Choose Export, Certificate in DER format.
Choose a name with the ending .cer, for example burp.cer
Drag the certificate we downloaded from the Linux machine to the emulator.
Go into the settings of the emulator.
Security & location -> Advanced -> Encryption & credentials -> Install from SD card
Select the certificate from the downloads folder.
Now you need to add a pin code to your device for it to work.
That's it, the certificate is successfully installed and can be seen in the user certificates section.
2. System certificate (Android 7 or higher)
For this, you have to make sure that you started the device with the -writable-system flag, otherwise, some adb commands won't work.
In the proxy settings of Burpsuite, click on "Import / export CA certificate".
Choose Export, Certificate in DER format.
Choose a name with the ending .der, for example burp.der
We use openssl, which should be pre-installed in Kali Linux.
Create a .pem file
openssl x509 -inform DER -in <CERT-NAME>.der -out <NEW-NAME>.pem
Example:
openssl x509 -inform DER -in burp.der -out burp.pem
Get the proper format for the certificate
openssl x509 -inform PEM -subject_hash_old -in <CERT-NAME>.pem | head -1
The output should be something like 9a5ba575
Now we name our certificate.pem file to the output of the above command with .0 as an ending
mv burp.pem 9a5ba575.0
Push the file to the emulator
adb push 9a5ba575.0 /sdcard
Remount the emulator
adb remount
Move the certificate to the directory the device will look for
adb shell
cd /sdcard/
mv 9a5ba575.0 /system/etc/security/cacerts/
Make sure the certificate is actually there
cd /system/etc/security/cacerts/
ls
Look for your certificate name.
Change the permissions of your certificate
chmod 644 9a5ba575.0
Now the certificate should be visible on the emulator in the system certificates under the name "PortSwigger", which is the name of the mother company of Burpsuite.
Just reboot your emulator and you're done.