Configuring Burp Suite with Genymotion Emulator or Android Emulator for HTTPS Interception
In this guide, we'll walk through the steps required to set up Burp Suite Community Edition for intercepting HTTPS traffic from a Genymotion emulator or Android emulator. This setup is essential for analyzing and testing mobile applications for security vulnerabilities.
---
### **Prerequisite Software:**
Before we begin, install the following software:
1. **Burp Suite Community Edition**
Download it from the official site:
[Burp Suite Community Edition](https://portswigger.net/burp/communitydownload)
2. **Genymotion or Android Emulator**
You can choose either of the emulators based on your preference.
3. **OpenSSL**
Download OpenSSL binaries:
[OpenSSL Binaries](https://wiki.openssl.org/index.php/Binaries)
---
### **Step-by-Step Guide:**
#### **Step 1: Download Burp Suite Certificate**
- Open Burp Suite and navigate to the "Proxy" tab.
- Under the "Intercept" tab, click on "Options" and find the "CA Certificates" section.
- Click "Download" to get the Burp Suite certificate.
---
#### **Step 2: Export the `.cer` File from Burp Suite**
- Once downloaded, you will receive a `.cer` certificate file.
- This file is necessary for configuring trusted certificates on your device.
---
#### **Step 3: Install Burp Suite Certificate as Trusted CA**
There are two methods to install the certificate as a trusted Certificate Authority (CA):
- **Method 1: User-Level Trusted CA**
Install the certificate at the user level.
- **Method 2: System-Level Trusted CA**
Install the certificate at the system level for all users.
---
#### **Step 4: Convert Burp Suite Certificate to PEM Format Using OpenSSL**
1. **Download the certificate to your system:**
Run the following command in your terminal:
```bash
curl localhost:8080/cert -o cert.der
```
2. **Convert the certificate to PEM format:**
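For the `.cer` file exported from Burp Suite (replace `cert.cer` with the name of your exported file):
```bash
openssl x509 -inform DER -in cert.cer -out burp.pem
```
For the `.der` file downloaded with `curl`:
```bash
openssl x509 -inform DER -in cert.der -out burp.pem
```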
3. **Create a subject hash for the certificate** (`-noout` prints only the hash, without the certificate body):
```bash
openssl x509 -inform PEM -subject_hash_old -noout -in burp.pem
```
4. **Rename the certificate** to match the hash generated:
```bash
mv burp.pem 9a5ba575.0
```
5. **Verify the certificate's subject:**
```bash
openssl x509 -inform PEM -subject -in 9a5ba575.0
```
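What `-subject_hash_old` computes, and therefore why the file is named `<hash>.0`, shown as an added Python example that is not part of the original post. The helper names are hypothetical, and the sample input is a constructed DER skeleton that only carries the fields up to the subject, not a real certificate.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def subject_der(cert):
    """Raw DER bytes of the subject Name inside a DER-encoded certificate."""
    _, pos, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    for _field in ("serial", "signature", "issuer", "validity"):
        pos = read_tlv(cert, pos)[2]         # skip to the next element
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("subject Name is not a SEQUENCE")
    return cert[pos:end]

def android_ca_filename(cert):
    """File name Android expects: first 4 MD5 bytes of the subject, little-endian."""
    digest = hashlib.md5(subject_der(cert)).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

# --- constructed sample input: a DER skeleton, not a real or signed certificate ---
def tlv(tag, body):
    size = len(body)
    if size < 0x80:
        return bytes([tag, size]) + body
    raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def name(cn):                                # Name with a single commonName (OID 2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))

SAMPLE_CERT = tlv(0x30, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
    + name("Constructed Issuer") + tlv(0x30, b"") + name("Constructed Example CA")))

if __name__ == "__main__":
    print(android_ca_filename(SAMPLE_CERT))  # name to use for the pushed file
```

To name your own file, pass the bytes of `cert.der` to `android_ca_filename()` and compare the result with the hash printed by OpenSSL before pushing the certificate.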
---
#### **Step 5: Install the Certificate in Genymotion Emulator (or Android Emulator)**
1. **List connected devices**:
Run the following command to see your connected emulator:
```bash
adb devices -l
```
2. **Access the emulator shell**:
```bash
adb shell
```
If needed, run the following command to exit the shell:
```bash
exit
```
3. **Push the certificate to the emulator**:
```bash
adb push 9a5ba575.0 /system/etc/security/cacerts/
```
4. **Mount the system partition in read-write mode** (required to modify the system certificate store):
```bash
adb shell
su
mount -o remount,rw /
```
Exit the root shell and then the adb shell after the remount:
```bash
exit
exit
```
5. **Push the certificate again**, now that the system partition is writable:
```bash
adb push 9a5ba575.0 /system/etc/security/cacerts/
```
---
#### **Step 6: Verify the Certificate in the Emulator**
1. On the emulator, go to:
**Settings** → **Security** → **Encryption & Credentials** → **Trusted Credentials**.
2. Look for the “PortSwigger” certificate in the list of trusted credentials.
---
#### **Step 7: Proxy Configuration**
Now, configure the proxy to route all traffic through Burp Suite for interception:
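1. **Enable Proxy on the Emulator**:
Open the emulator shell and check its network addresses:
```bash
adb shell
ip addr
```
Then, still in the emulator shell, set the HTTP proxy to the address and port where Burp Suite is listening (`10.0.0.1:8080` in this example):
```bash
settings put global http_proxy 10.0.0.1:8080
```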
---
#### **Final Step: Enable Interception in Burp Suite**
1. In Burp Suite, navigate to the "Proxy" tab and ensure the "Intercept is on" option is enabled.
2. Now, Burp Suite will start intercepting HTTP/HTTPS requests from the emulator.
---
**Conclusion:**
You have successfully configured Burp Suite with the Genymotion or Android emulator. You can now intercept and analyze HTTPS traffic from your mobile applications, providing insights into security vulnerabilities and helping with penetration testing.
---