January 28, 2020 · Adv. Pen-Testing Pentest Android
Setup Android VirtualBox for Pen-testing
Setup Android VM .iso
- Set up your VM and follow the official guide here
Setup ssh client
- Download termux from Google Play
- Install OpenSSH and launch sshd
    # install
    pkg install openssh
    # launch
    sshd
- Copy your SSH public key to the server
    # On Android, connect back to your host
    ssh [email protected] "cat ~/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys
- Try to get root in the SSH session
    ssh 192.168.56.109 -p 8022
    su
Setup Burp with a new cert valid for 365 days
- Generate a new cert valid for 365 days
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt
    openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt
- Import it into Burp
Import burp cert to Android
- You need an Ubuntu/Kali machine to run the openssl conversion
    openssl x509 -inform DER -in cacert.der -out cacert.pem
    cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1).0
    ls -la
    # Right now, you should have a hashed file with .0 appended
    total 8
    drwxr-xr-x  3 dev staff 102 Jan 28 15:50 .
    drwx------+ 7 dev staff 238 Jan 28 15:46 ..
    -rw-r--r--  1 dev staff 953 Jan 28 15:50 870dad47.0
- Send it back to your Android
    scp -P 8022 870dad47.0 192.168.56.109:~/
    ssh 192.168.56.109 -p 8022
    pwd
    su
    # import it into the system trusted certs
    cp /data/data/com.termux/files/home/870dad47.0 /system/etc/security/cacerts
    cd /system/etc/security/cacerts
    chmod 644 870dad47.0
    chown root:root 870dad47.0
    # reboot for the change to take effect
    reboot
Check that it works
- Set up the proxy connection in the Wi-Fi settings
- Go to any HTTPS site on Android and see if it's working