Laboratory - Android

┌───────────────────────────────────────────────────────────────────────────────────────────┐
│ VirtualBox:NatNetwork                                                                     │
│┌────────────────────────────────────────┐┌───────────────────────────────────────────────┐│
││ Kali (10.0.2.15)                       ││ Android (10.0.2.20)                           ││
│├────────────────────────────────────────┤├───────────────────────────────────────────────┤│
││ BurpSuitProxy (10.0.2.15:8080)         ││ Add cert on system level                      ││
││ │                                      ││ │                                             ││
││ ▼                                      ││ ▼                                             ││
││ burp.der ┌──► burp.pem ┌──► 9a5ba575.0 ││ /system/etc/security/cacerts/9a5ba575.0       ││
│├──────────┴─────────────┴───────────────┤├───────────────────────────────────────────────┤│
││                                        ││ Configuration                                 ││
││                                        ││ │                                             ││
││                                        ││ ▼                                             ││
││                                        ││ settings put global http_proxy 10.0.2.15:8080 ││
││                                        ││                                               ││
│└────────────────────────────────────────┘└───────────────────────────────────────────────┘│
└───────────────────────────────────────────────────────────────────────────────────────────┘

Android x86

Alt+F1 - Console
Alt+F7 - GUI
Proxy configuration:
- set: settings put global http_proxy <PROXY_IP>:<PROXY_PORT>
- get: settings get global http_proxy

Components

Android x86
- https://www.android-x86.org/
Kali
VirtualBox

Create cert and add it to android

on kali, export cer as burp.der
on kali, convert der to pem burp.pem
on kali, rename burp.pem to 9a5ba575.0
on kali, expose 9a5ba575.0 with python3 -m http.server 8080
on androidx86, switch to console Alt+F1, and put cert to /system/etc/security/cacerts/

export burp.der from Burp Suite

# just export cer from Burp GUI

exported burp.der convert to burp.pem

openssl x509 -inform DER -in burp.der -out burp.pem

create hash name for burp.pem

openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1

rename or copy burp.pem as 9a5ba575.0

cp burp.pem $(openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1).0

expose cert by simple http server

python3 -m http.server 80

copy cert to system dir and reboot android

cd /system/etc/security/cacerts/
wget 10.0.2.15/9a5ba575.0
chmod 644 9a5ba575.0
reboot

After the device reboots, browsing to Settings -> Security -> Trusted Credentials should show the new “Portswigger CA” as a system trusted CA. more here: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat

Virtualbox configuration

Android x86

General
- Name: Android-(Net1)
- Type: Linux
- Version: Other Linux (64-bit)
System
- Base Memory: 10GB
- Processor: 2
- Paravirtualization Interface: KVM
Display
- Screen, Video Memory: (128MB) (MAX)
- Screen, Graphics Controller: VBoxSVGA
Network
- NAT Network, (Advanced, Addapter Type PCnet-FAST |||)

Kali

Network
- NAT Network