Setting Up Enviorment

ADB Setup

sudo apt-get update
sudo apt-get install android-tools-adb

Download And Install Magisk

For Google Pixel 2XL with Android 8.0 Oreo In Genemotion

Download Magisk v23:

https://github.com/topjohnwu/Magisk/releases/download/v23.0/Magisk-v23.0.apkgithub.com

Checking Device arch type

adb shell getprop ro.product.cpu.abi

Magisk frameworks

Magisk_rebuilt_1c8ebfac_x86.zipGoogle Docs

Magisk framework for x86_64

Magisk framework for arm64

Drag and Drop the zip files in the Mobile and restart

Open Magisk App and Select remeber me for ever.

Restart the app.

Import Burp Certificate to Android Device

Follow the below steps to import the Burp certificate as trusted credentials on the Android Device as System. Convert the certificate to a valid format for Android via below commands:

openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1
mv cacert.pem <hash>.0

Copy the certificate to your Android Device

adb root
adb remount
adb push <cert>.0 /sdcard/

Move the certificate to the system directory, and reboot the deivce

adb root
adb remount
adb push <cert>.0 /sdcard/
adb shell
mv /sdcard/<cert>.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacarts/<cert>.o
reboot

Or use this single Bash script mentioned on HackTricks👍

# convert-burp-cert.sh - Convert Burp Suite certificate to Android format

openssl x509 -inform DER -in burp_cacert.der -out burp_cacert.pem
CERTHASHNAME="`openssl x509 -inform PEM -subject_hash_old -in burp_cacert.pem | head -1`.0"
mv burp_cacert.pem $CERTHASHNAME 

# Move the certificate to the Android device

adb root && sleep 2 && adb remount 
adb push $CERTHASHNAME /sdcard/
adb shell mv /sdcard/$CERTHASHNAME /system/etc/security/cacerts/ 
adb shell chmod 644 /system/etc/security/cacerts/$CERTHASHNAME 
adb reboot

Configure above proxy on your Android device.

Via: Network and internet -> Mobile Network -> Advanced -> Access Point Names. Then, click on the network and edit Proxy and Port. Or via Android Wi-Fi settings if you are using a local device.

It also possible to configure the proxy without using the device via ADB:

adb shell settings put global http_proxy [burp_host_ip]:8080

ADB in andriod studio

adb tcpip 5555

netsh interface portproxy add v4tov4 listenport=5555 listenaddress=0.0.0.0 connectport=5555 connectaddress=127.0.0.1

New-NetFirewallRule -DisplayName "ADB External Access" -Direction Inbound -LocalPort 5555 -Protocol TCP -Action Allow


PS F:\AndroidSDK\emulator> .\emulator.exe  -list-avds
Pixel_2_XL-_Rooted

Turn off the Andriod device then

.\emulator.exe -avd <Your_AVD_Name> -writable-system -selinux permissive

PS C:\Users\Administrator> adb devices
List of devices attached
emulator-5554   offline
emulator-5556   device

PS C:\Users\Administrator> adb -s emulator-5556 root
restarting adbd as root
PS C:\Users\Administrator> adb -s emulator-5556 tcpip 5555
restarting in TCP mode port: 5555

Problems

adb kill-server
taskkill /F /IM emulator.exe
taskkill /F /IM qemu-system-x86_64.exe

.\emulator.exe -avd <Your_AVD_Name> -wipe-data -writable-system -selinux permissive

PreviousAndroid Application Pentesting NextFrida Setup

Last updated 4 months ago