Skip to main content

How to use Burp suite with Genymotion Device image (PaaS)?

  • Updated

Prerequisites

  • Burp suite
  • Android SDK platform-tools (adb)
  • openssl (optional)

Step 1 - Set up Burp Suite

Go to the proxy tab then the options tab. Add a new listener on all interfaces on whatever port you'd like, we will choose 8080:

img3.png

Click import/export CA certificate --> Export --> Certificate in DER format --> Choose a path and name it anything with a .cer extension --> Next

Note

We will use the name Burp_cert.cer as an example for this tutorial.

Step 2 - Install the certificate

Method 1 - Install the certificate as a User CA certificate

  1. Spin up your instance.
  2. Drag'n drop the Burtp_cert.cer to the device display.
  3. Go to Android Settings and search install a certificate. In the results, click Install certificates from SD Card and select CA certificate. Click install anyway to bypass the warning.
  4. Navigate to /sdcard/Download and click on Burp_cert.cer.
  5. If you are using Android 9 or below, you may be requested to set a secure lock screen. Comply and set a lock:
    img6.png

To verify whether the certificate is properly installed, go to Android settings, search and click Trusted credentials. You should see the certificate in the USER tab:

PaaS_SaaS_user_certificate.png

Method 2 - Install as a system-level trusted CA

Warning

This method is for advanced users and may break the Android system: it should only be considered as last resort if Method 1 fail. Use at your own risks!

1. Convert the certificate

First, we need to convert Burp certificate into PEM format. Use openssl to convert DER to PEM, then output the subject_hash_old:

openssl x509 -inform DER -in Burp_cert.cer -out Burp_cert.pem
openssl x509 -inform PEM -subject_hash_old -in Burp_cert.pem |head -1

Then, rename the file with the output hash from the last command. For example, if the hash is 9a5ba575, rename the file as 9a5ba575.0:

mv Burp_cert.pem 9a5ba575.0

2. Install the certificate

  1. Spin up your instance and connect it to ADB.
  2. Upload and install the .0 certificate:
    # (optional) if you use an unrooted device, switch to root
    adb root
    # remount the system partition
    adb remount
    # Upload the certificate
    adb push <cert>.0 /system/etc/security/cacerts/
    # Change the certificate authorization
    adb shell chmod 664 /system/etc/security/cacerts/<cert>.0

    For example, with the 9a5ba575.0 certificate:
    adb remount
    adb push 9a5ba575.0 /system/etc/security/cacerts/
    adb shell chmod 664 /system/etc/security/cacerts/9a5ba575.0
  3. Reboot the device:
    adb reboot

     

After the device reboots, browsing to Settings -> Security -> Trusted Credentials should show the new “Portswigger CA” as a system trusted CA:

portswigger_system_ca.png

Step 3 - Setup Android global proxy

Important

If the global proxy is still set after rebooting ot stopping the instance, Wifi will be unavailable the next time a device is started from this recipe. To avoid this, make sure to unset the global proxy before. See "Disable global proxy" section.

  1. If you haven't done it yet, connect your instance to ADB
  2. Configure the virtual device global proxy using ADB. Here we use port 3333 but you can use any other port as long as it is available:
    adb shell settings put global http_proxy localhost:3333
  3. Bind Burp proxy to the device proxy configuration using the following command. We have setup Burp suite to listen to port 8080, so we will bind to this port:
    adb reverse tcp:3333 tcp:8080

From there, your instance network should be intercepted by Burp suite.

Step 4 - Disable global proxy

Before stopping or rebooting the instance, make sure to disable the global proxy:

adb shell settings put global http_proxy :0

Related articles