
Web Proxy

Paradis Perdu edited this page Feb 27, 2019 · 1 revision

On an Emulated Device

adb reverse tcp:8080 tcp:8080

  • Settings > Wireless & Networks > Cellular or wireless & networks > Mobile Networks > Access Point Names > 127.0.0.1 > 8080 > Save

Installing CA Before 7.0

  • Download Burp CA to testing laptop
  • Change the extension from .der to .cer
  • Push the certificate to the device
  • Settings > Security > Install from SD Card
  • Select cacert.cer

Install Burp CA as a System Level Trusted CA

To locate the system CAs bundled on a device:

  • Systems > Security > Trusted Credentials

These are stored in:

/system/etc/security/cacerts

You need root privileges to write to this location.

Generating Burp CA

The Burp CA needs to be one that lasts for 365 days.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt

openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt

  • Import the certificate into Burp
  • Download the DER file from Burp
  • Convert the DER to PEM
  • Calculate a hashcode of the certificate

openssl x509 -inform der -in cacert.der -out cacert.pem

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

  • Rename the certificate to <hash>.0
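
The conversion, hash calculation and rename steps above, combined into one shell function. This is an added example, not part of the original wiki page; `burp_ca_to_android` is a hypothetical helper name, and the input-type and expiry checks are additions.

```shell
#!/bin/sh
# Added example (not from the original page): DER Burp CA -> Android <hash>.0 file.
# burp_ca_to_android is a hypothetical helper name.
# Usage: burp_ca_to_android cacert.der [output-dir]   (prints the path it wrote)

burp_ca_to_android() {
    der=$1
    outdir=${2:-.}
    [ -r "$der" ] || { echo "cannot read: $der" >&2; return 1; }

    pem=$(mktemp) || return 1

    # Convert DER to PEM; openssl fails here if the input is not a certificate.
    if ! openssl x509 -inform der -in "$der" -out "$pem" 2>/dev/null; then
        echo "not a DER-encoded certificate: $der" >&2
        rm -f "$pem"
        return 1
    fi

    # An expired CA installs cleanly but every chain under it fails validation.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired: $der" >&2
        rm -f "$pem"
        return 1
    fi

    # Files in /system/etc/security/cacerts are named after the old-style
    # (MD5-based) subject hash, hence -subject_hash_old.
    hash=$(openssl x509 -inform PEM -subject_hash_old -noout -in "$pem")
    if ! printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{8}$'; then
        echo "unexpected hash output: $hash" >&2
        rm -f "$pem"
        return 1
    fi

    # Write <hash>.0 with the 644 mode the install steps expect.
    mv "$pem" "$outdir/$hash.0" && chmod 644 "$outdir/$hash.0" || return 1
    printf '%s\n' "$outdir/$hash.0"
}
```

The printed path is the file to push to the device in the install steps that follow.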

Installing New Cert to Physical Device

  • Copy certificate to the phone
  • Mount /system as RW
  • Move it to /system/etc/security/cacerts
  • Change the permissions to 644
  • Reboot the phone

adb push hash.0 /sdcard/

adb root

adb shell

mount -o rw,remount /system

mv /sdcard/hash.0 /system/etc/security/cacerts

chmod 644 /system/etc/security/cacerts/hash.0

exit

adb reboot

Installing New Cert to an Emulator

  • Launch the emulator with the -writable-system flag
  • Remount the filesystem
  • Push the certificate into /system/etc/security/cacerts
  • Change permissions
  • Reboot

emulator -avd <emulator Image> -writable-system

adb root

adb remount

adb push hash.0 /system/etc/security/cacerts

adb shell chmod 644 /system/etc/security/cacerts/hash.0

adb reboot

Alternative Method

  • Disassemble APK
  • Add a new XML resource to define a network security profile
  • Modify AndroidManifest.xml
  • Repackage and self sign the APK

<application android:networkSecurityConfig="@xml/network_security_config" ... >
