
I got tired of needing to install the CA cert from Burp into emulated Android images … so below is a quick and dirty function to get the cert installed. Just make sure you have Burp running on http://127.0.0.1:8080

Note: First, I switched over to macOS since writing the first post, so this is for zsh … it's super close to bash, but you will need to update the reads if you are using bash (something like read -n 1 -s -r -p "message here"). Second, I am on an M1 Mac, so you will need to update arm64-v8a to whatever your system is configured for. Finally, I run all my mobile traffic on a different port (8081), so you will want to make sure your http_proxy is correct for your system.

That said, on to the code:

# helper function to jump into a tmp directory
function tmpdir {
	TMP_DIR="/tmp/$(uuidgen)"
	# quote the path and only cd if the directory was actually created
	mkdir "$TMP_DIR" && cd "$TMP_DIR"
}

# can call it like androidtest some-app.apk or just androidtest
function androidtest {
    tmpdir
    kill $(ps auwx | grep androidsecuritytest | grep -v grep | awk '{print $2}') 2>/dev/null
    sleep 2
    rm ~/.android/avd/androidsecuritytest.img 2>/dev/null
    mksdcard -l androidsecuritytest 1024M ~/.android/avd/androidsecuritytest.img 2>/dev/null
    avdmanager delete avd -n androidsecuritytest 2>/dev/null
    avdmanager create avd --force --name androidsecuritytest --package 'system-images;android-32;google_apis;arm64-v8a' --device "pixel_4_xl" --sdcard ~/.android/avd/androidsecuritytest.img
    sed -i.bak 's/hw.keyboard=no/hw.keyboard=yes/' ~/.android/avd/androidsecuritytest.avd/config.ini
    rm ~/.android/avd/androidsecuritytest.avd/config.ini.bak
    emulator -avd androidsecuritytest -writable-system -no-snapshot &
    echo "---------------------------"
    read "?when emulator is fully loaded press any key to continue"
    echo "---------------------------"
    curl --silent --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert
    openssl x509 -inform DER -in cacert.der -out cacert.pem
    cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0
    adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/
    adb root
    sleep 5
    echo -n "avbctl disable-verification" | adb shell
    adb disable-verity
    sleep 5
    adb remount
    sleep 5
    adb reboot
    echo "---------------------------"
    read "?when emulator is fully loaded press any key to continue"
    echo "---------------------------"
    adb root
    sleep 5
    adb remount
    echo -n "su 0 mount -o rw,remount /system" | adb shell
    echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts" | adb shell
    echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell
    adb shell settings delete global http_proxy
    adb shell settings delete global global_http_proxy_host
    adb shell settings delete global global_http_proxy_port
    adb shell settings put global http_proxy 172.16.0.230:8081

    # install the APK only when one was passed; quoting keeps paths with spaces intact
    if [ -n "$1" ]; then
    	adb install -r -t --no-streaming "$1"
    fi

    rm $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0
    rm cacert.pem
    rm cacert.der
}

Source where commands originally came from

If all goes according to plan, the cert is installed and your emulator will reboot, after which you should be able to update the Wi-Fi proxy settings and you will be good to go!
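To confirm the install took, the check below pulls the file back out of /system/etc/security/cacerts and compares it with the local Burp certificate. This is an added example, not part of the original post; the helper names are hypothetical, and it assumes openssl and adb are on the PATH with the emulator running.

```shell
# Added example: helper names are hypothetical. Works in zsh and bash.
# Requires openssl; verify_system_ca also requires adb and a running emulator.

# Print the SHA-256 fingerprint of a certificate given as DER or PEM.
cert_fingerprint() {
    local form
    for form in DER PEM; do
        openssl x509 -inform "$form" -in "$1" -noout -fingerprint -sha256 2>/dev/null && return 0
    done
    return 1
}

# Print the file name the system store expects: <subject_hash_old>.0
android_ca_name() {
    local form h
    for form in DER PEM; do
        h=$(openssl x509 -inform "$form" -in "$1" -noout -subject_hash_old 2>/dev/null) &&
            { printf '%s.0\n' "$h"; return 0; }
    done
    echo "not a DER or PEM certificate: $1" >&2
    return 1
}

# Succeed only if both files parse and hold the same certificate.
same_cert() {
    local a b
    a=$(cert_fingerprint "$1") && b=$(cert_fingerprint "$2") && [ "$a" = "$b" ]
}

# Pull the installed file from the emulator and compare it with the local cert.
verify_system_ca() {
    local name pulled rc=0
    name=$(android_ca_name "$1") || return 1
    pulled=$(mktemp) || return 1
    if ! adb pull "/system/etc/security/cacerts/$name" "$pulled" >/dev/null 2>&1; then
        echo "FAILED: could not pull $name from the system store" >&2; rc=2
    elif same_cert "$1" "$pulled"; then
        echo "OK: $name matches the local certificate"
    else
        echo "MISMATCH: $name on the device is a different certificate" >&2; rc=3
    fi
    rm -f "$pulled"
    return $rc
}
```

Call it as `verify_system_ca cacert.der` with a copy of the Burp certificate once the emulator has finished its reboot.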

Previous blog post


Jonathan Crosby

growing my chops in cybersecurity
(all opinions are my own and not the views of my employer)