Use Burp Suite with Genymotion SaaS

Prerequisites

Prerequisites include Burp Suite, Android SDK platform-tools (adb), and gmsaas CLI tool.

• Burp Suite
• Android SDK platform-tools (adb)
• gmsaas CLI tool

Step 1 – Setting up Burp Suite

• In Burp Suite, go to the Proxy tab.
• Click on Proxy Settings.
• Listen to port 8080 from all interfaces.
• Click import/export CA certificate.
• Export.
• Certificate in DER format.
• Choose a path and name it anything with a .der extension.
• Click Next.
• The Burp_cert.der name is used as an example for this tutorial.

Step 2 – Upload and install the Burp Suite Certificate

• Open the device and switch to the “as user certificate” tab.
• Launch an instance.
• Drag’n drop the Burp_cert.der file to the device display or use the File upload widget.
• Go to Android Settings and install a certificate.
• In the results, click Install certificates from SD Card and select CA certificate.
• Click install anyway to bypass the warning.
• Navigate to /sdcard/Download and click on Burp_cert.der.
• If you are using Android 9 or below, you may be requested to set a secure lock screen; comply and set a lock.
• To verify whether the certificate is properly installed, go to Android settings and click Trusted credentials.
• You should see the certificate in the USER tab.
• This method alters the Android system significantly and may break the device.
• Use with extreme care and only if necessary.
• Android 14+:
• Root the device.
• Android 14 and above images are not rooted by default, so make sure that the device is rooted before going any further; please refer to Genymotion SaaS on-line documentation for more details.
• Install Magisk.
• Follow the instructions from our FAQ to install Magisk: How to install Magisk on Genymotion?
• Install the certificate as user certificate.
• Install the Cert-Fix plugin for Magisk.
• Download Cert-Fixer.zip from Cert-Fixer github repository.
• Upload the file to the device; you can either use adb push Cert-Fixer.zip /sdcard/Download or simply drag’n drop the file to the device display.
• Open Magisk and go to the Plugins section.
• Click “Install from storage” and select Cert-Fixed.zip from the Download folder (/sdcard/Download).
• Wait for the plugin to install; when done, click “Reboot” to reboot the device.
• After a reboot, the Burp Suite CA certificate (“PortSwigger CA”) should now be installed as a system certificate.
• Warning: The Cert-Fix plugin will copy any user certificate as system certificate on boot; if you don’t need to install any other system certificates, make sure to disable the plugin to avoid installing system certificates by mistake.
• Android 12-13:
• Root the device; Android 12-13 images are not rooted by default, so ensure the device is rooted before going any further; please refer to Genymotion SaaS on-line documentation for more details.
• Convert the certificate:
• We need to convert the Burp certificate into PEM format using openssl to convert DER to PEM, then output the subject_hash_old.
• openssl x509 -inform DER -in Burp_cert.der -out Burp_cert.pem # Convert DER certificate to PEM
• openssl x509 -inform PEM -subject_hash_old -in Burp_cert.pem | head -1 # Display subject_hash_old
• Rename the file with the output hash from the last command (example: 9a5ba575.0).
• mv Burp_cert.pem 9a5ba575.0
• Install the certificate:
• You will need ADB and gmsaas CLI to proceed; please refer to gmsaas CLI on-line documentation for more information.
• Make the /system partition writable and push the certificate to /system/etc/security/cacerts.
• adb root
• adb shell 'mount -o rw,remount /'
• adb push 9a5ba575.0 /system/etc/security/cacerts/
• adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
• Reboot the device.
• After the device has rebooted, browse to Settings -> Security -> Trusted Credentials; you should see the new “Portswigger CA” as a system trusted CA.
• Android 11 and below:
• Convert the certificate (same as above) and install as system certificate following the commands above for Android 12-13.
• Reboot the device and verify in Trusted Credentials as above.

Step 3 – Save as a Custom Recipe

• We recommend saving the device as a custom recipe at this point.

Step 4 – Set Android global proxy to Burp Suite proxy

• Important: If the global proxy is still set after saving the device as a custom recipe, or if you save the recipe at this point, Wifi will be unavailable the next time a device is started from this recipe. To avoid this, unset the global proxy before saving. See Step 5 – Disable global proxy section.
• If you haven’t already done it, connect the device to ADB with gmsaas.
• Next, use ADB to set port 3333 but you can use any other port as long as it is available:
• adb shell settings put global http_proxy localhost:3333
• Finally, bind Burp proxy to the device proxy configuration with adb reverse. We setup Burp suite to use port 8080, so we will bind the device pxoxy to this port:
• adb reverse tcp:3333 tcp:8080
• From there, your instance network should be intercepted by Burp suite.

Step 5 – Disable global proxy

• If you need to save the instance, make sure to disable the global proxy before or the Internet connection may be disabled the next time you start it:
• adb shell settings put global http_proxy :0