Pentesting setup: Burp, Android and MacBook M1
You will need Android Studio; make sure you download the ARM version. Yes, we all hate Google.
Open Android Studio and create a device using an API level that is supported by modern applications (for example Pixel 2, API 32, arm64-v8a architecture), or leave the default device (Pixel_3a_API_32_arm64-v8a).
Launch the emulator using your device name (that you specified in the step above, remember to replace YOUR_USER with your actual macOS username; in my case, the username is the name of my pet horse, Twinkles; just kidding, that’s the name of my pet fish, my pet horse is named Fondue):
$ cd /Users/YOUR_USER/Library/Android/sdk/emulator
$ ./emulator -avd Pixel_3a_API_32_arm64-v8a -writable-system
The -writable-system flag is needed so that we can install the Burp Suite certificate as a system-level Trusted CA.
- Export the Burp Suite certificate in .DER format and save it as cacert.der, for example. Open Burp Suite, go to Proxy -> Options and click on the Import / Export CA certificate button.
Also, you probably noticed that the exported certificate is in .DER format, while Android expects it to be in .PEM format and to have a custom name too (the name must be the subject_hash_old value with .0 appended). So, we’ll use openssl to convert the certificate, get the value of the subject_hash_old field and rename the file accordingly.
$ openssl x509 -inform DER -in cacert.der -out cacert.pem
$ openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
9a5ba575
$ mv cacert.pem 9a5ba575.0
- Let’s copy the certificate to the virtual device using adb:
$ adb root
$ adb remount
$ adb push 9a5ba575.0 /sdcard/
Since the -writable-system flag was used when starting the device emulator, we can now copy the file to /system/etc/security/cacerts and chmod it to 644:
$ adb shell
emulator64_arm64:/ # mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
emulator64_arm64:/ # chmod 644 /system/etc/security/cacerts/9a5ba575.0
emulator64_arm64:/ # exit
Don’t forget to reboot the emulator:
$ adb reboot
- Open Extended Controls in the emulator, Settings, go to the Proxy tab, click on the Manual proxy configuration checkbox and fill in the Host name and Port number fields as in your Burp Suite configuration.
That’s it, now you can intercept all requests from the emulator device with Burp Suite.
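How the file name from the conversion step is derived, as an added example that is not part of the original post: openssl's -subject_hash_old value is the MD5 digest of the certificate's DER-encoded subject, with the first four digest bytes read little-endian. The sketch recomputes it from a DER or PEM certificate, so a <hash>.0 file can be checked against its own contents; the function names and the skeletal sample certificate are constructed for illustration.

```python
import base64
import hashlib

def read_tlv(buf, off):
    """Parse the DER element at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def to_der(data):
    """Accept DER or PEM bytes (the final <hash>.0 file is PEM) and return DER."""
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:
        data = base64.b64decode(data.split(begin)[1].split(end)[0])
    return data

def subject_der(cert):
    """Return the raw DER bytes of the certificate's subject Name."""
    der = to_der(cert)
    _, pos, _ = read_tlv(der, 0)       # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)     # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                    # optional [0] EXPLICIT version
        pos = end
    for _field in ("serialNumber", "signature", "issuer", "validity"):
        pos = read_tlv(der, pos)[2]    # skip the fields that precede the subject
    tag, _, end = read_tlv(der, pos)
    if tag != 0x30:
        raise ValueError("subject is not a SEQUENCE")
    return der[pos:end]

def subject_hash_old(cert):
    """MD5 over the subject DER; first four digest bytes read little-endian."""
    digest = hashlib.md5(subject_der(cert)).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")

def tlv(tag, value):                   # helper that builds the constructed sample
    return bytes([tag, len(value)]) + value

# Constructed sample: skeletal certificate (no key or signature), CN=Constructed Test CA
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, b"\x55\x04\x03") + tlv(0x0C, b"Constructed Test CA"))))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01")
                       + tlv(0x30, b"") + NAME + tlv(0x30, b"") + NAME))
if __name__ == "__main__":
    print(subject_hash_old(SAMPLE) + ".0")   # file name Android expects for this subject
```

Passing the bytes of cacert.der or of the renamed .0 file to subject_hash_old should give the same value as the openssl command in the conversion step.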