Thanks to the comments left by Zach from our last Android post here, it has been brought to my attention there is an easier way to do all of this with the latest AVD (4.0.3).
After creating your AVD (4.0.3)...
Step 1 - Push PortSwiggerCA.crt up to the emulator's sd card (make sure you've added SD Card support to the AVD when creating it).
Step 2 - Navigate to Settings > Security > Install Certificate from SD Card
Step 3 - Press Okay, enter a pin or password if asked
Step 4 - Following the install, if you'd like to shutdown the emulator and verify the settings have stuck, navigate to Settings > Security > Trusted Credentials and view the user pane.
Step 5 - As always, if you'd like to proxy traffic from the emulator, leverage the http-proxy argument....
~cktricky
Hi, thanks for this easy method, but how do you solve the Burp certificate HOST issues? *.domain.com seems not to work properly.
ReplyDeleteDo you mean that you are editing the proxy options to generate a CA-signed per-host certificates and putting *.domain.com into the text field and generating the cert this way?
ReplyDeleteDid you to manage to get this fixed? It seems even when adding the Portswigger CA I'm getting invalid common name issues? Is there any further changes required to get this working? A double check shows that the CA is now "trusted", burp just fails to rename the hostname on the SSL certificate.
ReplyDeleteThank you for the instructions on the HOW TO's.. but just wanted to know if it does work out well? And what about your issues on the Hosting part?
ReplyDeleteThe latest version of BurpSuite fixes this issue, or so I understand it. HTH.
ReplyDelete