September 28, 2019 · Pentest Android

Using Burp suite on Android 9 or above

First, generate your own cert here:

# mac

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt \
    -subj /CN=dev.mycompany.com \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat /System/Library/OpenSSL/openssl.cnf \
        <(printf '[SAN]\nsubjectAltName=DNS:dev.mycompany.com'))
        
        
openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt

## Enter 123


# Ubuntu
---

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout certificate.key \
-out certificate.crt

        
openssl pkcs12 -export -out certificate.p12 -inkey certificate.key -certfile certificate.crt -in certificate.crt

## Enter 123

Originally from
https://support.portswigger.net/customer/portal/questions/16711090-cert-validity-too-long

Mac

Second, import the above certificate.p12 to burp, with password 123,
Click regenerate CA Certificate, export as certificate.der.

Your Proxy Interface need to be Per Host .

Screen-Shot-2020-09-10-at-4.28.51-PM

Next, Config your mac/PC instance.

Open Keychain Access.app in your mac, drag the certificate.der file to Systems tab

Double Click it, Trust -> Always Trust, Close it.

Screen-Shot-2020-09-10-at-4.29.00-PM

Then check can you visit google in your chrome with this cert settings.

Ubuntu

cp certificate.crt /usr/share/ca-certificates/
sudo dpkg-reconfigure ca-certificates

Next Config your Android app instance.

Then continue as follow:
https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/

*tested with android 9

Or.. you may follow right here..

openssl x509 -inform DER -in certificate.der -out certificate.pem
TEMP_NEW_FILE_NAME=$(openssl x509 -inform PEM -subject_hash_old -in certificate.pem |head -1)
mv certificate.pem $TEMP_NEW_FILE_NAME.0

echo $TEMP_NEW_FILE_NAME.0

adb connect 192.168.200.233
adb root
adb remount
adb push a900cbff.0 /sdcard/
mv /sdcard/a900cbff.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/a900cbff.0
reboot

Screen-Shot-2020-09-10-at-4.34.13-PM

Config your wifi proxy,

And check your chrome status

Screen-Shot-2020-09-10-at-4.35.05-PM

If it works, it should be somthing like this.

Make sure to save your project options!
Make sure to save your project options!
Make sure to save your project options!
Make sure to save your project options!

otherwise you need to do thise again each time if you restart your burp session!!!!!

Cheers!