Proxy Agent is a tool that is created to ease the proxy connection setup process between a rooted Android device to a computer that is running BurpSuite.
The goal of Proxy Agent is to enable a seamless proxy setup experience for Mobile Pentesters/Security Researchers, freeing them from the lengthy proxy setup process and Burp CA Certificate import process, enabling them to spend their time discovering new vulnerabilities instead 😊
Proxy Agent consists of Proxy Agent, an Android Application and Proxy Agent Add-on, a Magisk module.
The Android Application provides the UI for the user and holds most of the functions that are needed to run the tool, while the Magisk module helps move Burp's CA Certificate from the user store to the system store.
The Magisk module is inspired by MagiskTrustUserCerts which provides almost the same function with the Proxy Agent Add-on, albeit with slight modifications. If you have MagiskTrustUserCerts installed in your Magisk, you do not need to install the Proxy Agent Add-on.
Note: Tested on Android 7 (Nexus 6P), Android 10 (Redmi Note 8), and Android 11 (Google Pixel 3XL)
To deploy Proxy Agent, you would require:
- A rooted Android phone.
- With Magisk Manager installed.
And... That's it!
To begin installation, download the APK file and Magisk module in the Release.
- Use the
install
command to install the APK file.
adb install proxyagent.apk
- Install the APK file by clicking on it.
- Push the
Proxy_Agent_Addon.zip
file into your Android's Download folder.
adb push Proxy_Agent_Addon.zip /storage/emulated/0/Download
-
Once it is done, launch Magisk Manager, click on the Modules tab and press
Install from storage
. -
Locate the
Proxy_Agent_Addon.zip
zip file and install it.
- Try connecting to adb shell on your Android device and do a ping to your computer's IP address that is hosting BurpSuite
- Setup the firewall rule in your computer to allow incoming and outgoing traffic at port 8080 (To your BurpSuite's port)
- Try to import BurpSuite CA Certificate again
- Plans to make the installation easier
- Addition of more features like SSL pinning bypass and more..