Connect Burp Suite to Genymotion PaaS (Device Image)

2024-05-13

Prerequisites

• Burp suite
• Android SDK platform-tools (adb)

Step 1 – Setting up Burp Suite

Step 1 – Setting up Burp Suite

1. In Burp Suite, go to the Proxy tab.

2. Click Proxy Settings.

Here, Burp Suite listens to port 8080 from all interfaces.

• Click import/export CA certificate > Export > Certificate in DER format.
• Choose a path and name it anything with a .der extension.
• Click Next.

Use the name Burp_cert.der as an example for this tutorial.

Step 2 – Upload and install the Burp Suite Certificate

as user certificate

1. Start your device.

2. Drag’n drop the Burp_cert.der file you generated to the device display.

3. Go to Android Settings and install a certificate.

4. Click Install certificates from SD Card.

5. Select CA certificate.

6. Click install anyway to bypass the warning.

7. Navigate to /sdcard/Download and click on Burp_cert.der.

8. If you are using Android 9 or below, you may be requested to set a secure lock screen.

9. Comply and set a lock.

To verify whether the certificate is properly installed, go to Android settings, and click Trusted credentials. The certificate should appear in the USER tab.

as system (root) certificate

This method alters the Android system significantly and may break the device.

Use this method with extreme care and only if necessary.

Android 14+

Installing System certificates on Android 14+ requires Magisk and a third party plugin.

1. Root the device. 2. Install Magisk. 3. Install the certificate as user certificate. 4. Install the Cert-Fix plugin for Magisk.

1. Root the device

Android 14 and above images are not rooted by default.

Make sure the device is rooted before going any further.

Please refer to Genymotion Device Image on-line documentation for more details.

2. Install Magisk

Follow the instructions from the FAQ to install Magisk: How to install Magisk on Genymotion?

3. Install the certificate as user certificate

Follow the instructions from the tab “as user certificate”.

4. Install the Cert-Fix plugin for Magisk

1. Download Cert-Fixer.zip from Cert-Fixer github repository.

2. Upload the file to the device.

3. Use one of these methods to upload the file:

• adb push Cert-Fixer.zip /sdcard/Download
• drag’n drop the file to the device display

4. Open Magisk and go to the Plugins section.

5. Click “Install from storage” and select Cert-Fixed.zip from the Download folder (/sdcard/Download).

6. Wait for the plugin to install.

7. Click “Reboot” to reboot the device.

After a reboot, the Burp Suite CA certificate (“PortSwigger CA”) should now be installed as a system certificate.

The Cert-Fix plugin will copy any user certificate as system certificate on boot. If other system certificates are not needed, disable the plugin to avoid installing system certificates by mistake.

Android 12-13

1. Root the device.

2. Convert the certificate.

3. Install the certificate.

1. Root the device

Android 12-13 images are not rooted by default.

Make sure the device is rooted before going any further.

Please refer to Genymotion Device Image on-line documentation for more details.

2. Convert the certificate

Convert the Burp certificate into PEM format.

Use openssl to convert DER to PEM.

Then output the subject_hash_old.

Bash

openssl x509 -inform DER -in Burp_cert.der -out Burp_cert.pem # Convert DER certificate to PEM
openssl x509 -inform PEM -subject_hash_old -in Burp_cert.pem |head -1 # Display subject_hash_old

Rename the file with the output hash from the last command. For example, if the hash is 9a5ba575, rename the file as 9a5ba575.0.

Bash

mv Burp_cert.pem 9a5ba575.0

3. Install the certificate

Use ADB to proceed.

Please refer to Genymotion Device on-line documentation for more information.

Make the /system partition writeable. Push the certificate to the /system/etc/security/cacerts folder.

Bash

adb root # switch to root
adb shell 'mount -o rw,remount /' # remount the system with write permission
adb push <cert>.0 /system/etc/security/cacerts/ # upload the certificate
adb shell chmod 644 /system/etc/security/cacerts/<cert>.0 # Change the certificate permissions

For example, with the 9a5ba575.0 certificate:

Bash

adb root
adb shell 'mount -o rw,remount /'
adb push 9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0

Reboot the device.

After the device has rebooted, open Settings -> Security -> Trusted Credentials. The new “Portswigger CA” should appear as a system trusted CA.

Android 11 and below

1. Convert the certificate.

2. Install the certificate.

1. Convert the certificate

Convert the Burp certificate into PEM format.

Use openssl to convert DER to PEM.

Then output the subject_hash_old.

Then, rename the file with the output hash from the last command. For example, if the hash is 9a5ba575, rename the file as 9a5ba575.0.

2. Install the certificate

Use ADB to proceed.

Please refer to Genymotion Device on-line documentation for more information.

Make the /system partition writeable. Push the certificate to the /system/etc/security/cacerts folder.

Bash

adb remount # remount the system with write permission
adb push <cert>.0 /system/etc/security/cacerts/ # upload the certificate
adb shell chmod 644 /system/etc/security/cacerts/<cert>.0 # Change the certificate permissions

For example, with the 9a5ba575.0 certificate:

Bash

adb remount
adb push 9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0

Reboot the device.

After the device has rebooted, open Settings -> Security -> Trusted Credentials. The new “Portswigger CA” should appear as a system trusted CA.

Step 3 – Set Android global proxy to Burp Suite proxy

> Important: If the global proxy is still set after rebooting ot stopping the instance, Internet (Wifi) will be unavailable the next time a device is started from this recipe. To avoid this, make sure to unset the global proxy before. See “Disable global proxy” section.

If the instance is not connected to ADB, connect the instance to ADB: https://docs.genymotion.com/paas/Access/04_ADB/

Use ADB to set port 3333. You can use any other port as long as it is available.

Bash

adb shell settings put global http_proxy localhost:3333

Bind Burp proxy to the device proxy configuration with adb reverse. Burp Suite uses port 8080. Bind the device proxy to this port with adb reverse.

Bash

adb reverse tcp:3333 tcp:8080

Your instance network should be intercepted by Burp suite.

Disable global proxy

Before stopping or rebooting the instance, disable the global proxy.

Internet connection may be unavailable the next time you start it.

Bash

adb shell settings put global http_proxy :0