Let’s say you’ve been assigned some mobile work. You’re a pentester, mobile developer, or just a tinkerer who needs to be able to see traffic flowing to and from your Android device. Chances are you’re going to want to use BurpSuite to help make your life a little bit easier.
The problem is that the instructions on PortSwigger’s website were written for a very outdated version of Android. This is fine if you need to test older devices, but what about testing new devices with newer flavors of Android OS? What if you need to emulate and don’t have your own physical device?
In that case, this article will cover:
- Adding an additional proxy listener to Burp
- Setting up an emulated Android device
- Configuring the device to use a proxy
- Installing the Burp Certificate Authority (Android 11)
- Verifying successful traffic proxy
Adding an additional proxy listener to BurpSuite
I will admit this step is optional, but I do like having different listeners for different use cases.
To start, launch BurpSuite and open the Proxy tab.
From there, click on Add to add a new proxy listener.
Now, bind the listener to a port you specifically want to use for Android. In this case, I’m using 8082, so remember this port number. Your Bind Address can be kept at Loopback only if you’re emulating, but if you’re using a physical device you will want to use All Interfaces so the device can reach the listener over the network.
Click Ok in the lower right and save your settings. You should now have two listeners configured on two different ports.
Setting up an emulated Android device
If you haven’t already, go ahead and download Android Studio. The following instructions are the same whether you’re using Mac, PC, or Linux, but you’ll need Android Studio to get going. Installation instructions are out of scope for this article.
Once you have Android Studio installed, open it and start a new project. Doesn’t matter what kind for now because we just need access to the Android Device Manager to create an emulator.
Now, click on the AVD Manager button in the upper right hand corner of Android Studio.
Chances are you won’t have a device ready, so go ahead and click + Create Virtual Device...
Choose the appropriate hardware you want to test on and click Next.
Next, choose your operating system version. If you don’t have the release you want, click the Download button, then finally click Next to move on.
Name your device and click Finish.
We’ll need to access the device’s Advanced settings, so before we do that we need to go to Android Studio > Preferences > Tools > Emulator and uncheck the Launch in a tool window option.
Now, in your Android Device Manager, click the green play icon to launch your desired device and wait for it to boot.
Configuring the device to use a proxy
In a browser that is configured to proxy traffic through Burp, you’ll need to navigate to http://burp and download the CA file.
Head to your emulated Android device and click the ellipses icon on the right options panel. Choose Settings > Proxy and add the Burp proxy settings we set up in the first step. Click Apply to apply the changes. This will allow your emulated device to proxy traffic to Burp.
One final step: we need to install the CA certificate onto the device itself. These steps apply to Android 11 because of recent changes to how a user can install their own CAs. Luckily, this is straightforward with the following steps.
Installing the Burp Certificate Authority (Android 11)
- Rename your cacert.der file from Burp to cacert.crt
- Find the cacert.crt file on your computer
- Click and drag the cacert.crt file onto the emulated Android device (this will put your cert file under the phone’s Downloads folder)
Finally, install the CA using the mobile device.
- Go to Settings > Security > Advanced
- Open Encryption & Credentials > Install a certificate > CA certificate > Install anyway
- Choose your crt file
- You’re done!
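A common reason the install step rejects the file is that the download from http://burp was not actually a certificate (for example, an HTML page saved from a browser that was not proxied). The following is an added example, not part of the original article: it checks that the renamed file is a well-framed DER or PEM certificate and prints fingerprints to compare with the certificate details on the device. The script name and the sample bytes are assumptions, and it assumes the device's certificate details view shows SHA-256 and SHA-1 fingerprints.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: certificate-shaped framing only (SEQUENCE, 256-byte body), not a real CA.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def to_der(data: bytes) -> bytes:
    """Accept DER (what Burp exports) or PEM and return framing-checked DER bytes."""
    match = PEM_RE.search(data)
    der = base64.b64decode(match.group(1)) if match else data
    # A certificate is a single ASN.1 SEQUENCE: tag 0x30, then a length field.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("not a certificate; was an HTML page saved instead?")
    if der[1] & 0x80:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    else:
        header, body = 2, der[1]
    if header + body != len(der):
        raise ValueError("length mismatch; download is truncated or has trailing data")
    return der


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, der).digest())


if __name__ == "__main__":
    # Usage: python check_ca.py cacert.crt   (script name is an assumption)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DER
    der = to_der(raw)
    print("SHA-256:", fingerprint(der))
    print("SHA-1:  ", fingerprint(der, "sha1"))
```

Because Burp generates its CA per installation, a fingerprint that differs from the one shown on the device means the device trusts a different certificate than the one your Burp instance is signing with.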
Verifying successful traffic proxy
Final step — make sure it all works!
Open the Chrome browser and verify that the traffic is passed through Burp.
Now you’re ready to test!
Edit: If you find that traffic isn’t proxying correctly in apps or over the emulated device’s wifi, you may need to install the CA cert at the system level.
I found this guide incredibly helpful along with these sets of commands if you’re having ADB trouble.