Saturday, May 12, 2012

Update - Android & SSL Cert

Thanks to the comments Zach left on our last Android post, it has been brought to my attention that there is an easier way to do all of this with the latest AVD (4.0.3).

After creating your AVD (4.0.3)...

Step 1 - Push PortSwiggerCA.crt up to the emulator's SD card (make sure you've added SD card support to the AVD when creating it).






Step 2 - Navigate to Settings > Security > Install Certificate from SD Card






Step 3 - Press OK and enter a PIN or password if asked.






Step 4 - Following the install, if you'd like to shut down the emulator and verify the settings have stuck, navigate to Settings > Security > Trusted Credentials and view the User pane.






Step 5 - As always, if you'd like to proxy traffic from the emulator, use the emulator's http-proxy argument.
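
The command-line parts of Steps 1 and 5, with a pre-flight check that the file really is a CA certificate, as an added example that is not part of the original post. The AVD name and proxy address are placeholders passed by the caller (127.0.0.1:8080 is only an assumed default), and the script assumes `openssl`, `adb` and `emulator` are on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight check plus Steps 1 and 5 from the post.
# AVD name and proxy address are placeholders supplied by the caller.

# Return 0 only if $1 has an installable extension and parses as an
# X.509 certificate (PEM or DER) whose basicConstraints mark it as a CA.
check_ca_cert() {
    cert=$1
    # Android's installer only lists .crt / .cer files from the SD card.
    case "$cert" in
        *.crt|*.cer) ;;
        *) return 2 ;;
    esac
    for form in PEM DER; do
        if text=$(openssl x509 -in "$cert" -inform "$form" -noout -text 2>/dev/null); then
            printf '%s\n' "$text" | grep -q 'CA:TRUE' && return 0
            return 1
        fi
    done
    return 1
}

setup_emulator() {
    cert=$1; avd=$2; proxy=${3:-127.0.0.1:8080}
    check_ca_cert "$cert" || { echo "refusing to push $cert: not a CA cert" >&2; return 1; }
    # Step 5: start the AVD with its traffic sent through the proxy.
    emulator -avd "$avd" -http-proxy "$proxy" &
    # Wait until Android has finished booting so /sdcard is mounted.
    adb -e wait-for-device
    until [ "$(adb -e shell getprop sys.boot_completed | tr -d '\r')" = "1" ]; do
        sleep 2
    done
    # Step 1: copy the CA certificate to the root of the SD card.
    adb -e push "$cert" /sdcard/
    echo "Pushed. Continue with Step 2 (Settings > Security) on the device."
}

# Usage: sh setup.sh PortSwiggerCA.crt <avd-name> [proxy-host:port]
if [ "$#" -ge 2 ]; then
    setup_emulator "$@"
fi
```

Steps 2 to 4 still happen in the emulator's Settings UI; the script only covers the parts typed at the host shell.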




~cktricky



5 comments:

  1. Hi, thanks for this easy method, but how do you solve the Burp certificate HOST issues? *.domain.com seems not to work properly.

  2. Do you mean that you are editing the proxy options to generate CA-signed per-host certificates and putting *.domain.com into the text field and generating the cert this way?

  3. Did you manage to get this fixed? It seems even when adding the PortSwigger CA I'm getting invalid common name issues. Are there any further changes required to get this working? A double check shows that the CA is now "trusted"; Burp just fails to rename the hostname on the SSL certificate.

  4. Thank you for the instructions on the HOW TO's, but I just wanted to know if it does work out well? And what about your issues on the Hosting part?

  5. The latest version of BurpSuite fixes this issue, or so I understand it. HTH.
