Follow these steps to set up Burp Suite as a proxy for your Android Virtual Device (AVD) so that you can pen test your Android app.
Step 1:
Download Burp Suite from: http://portswigger.net/burp/download.html
Check that it runs by starting it from a terminal:
$ java -jar -Xmx1024m burpsuite_free_v1.5.jar
Step 2:
Set up a Proxy in your browser:
“ … Chrome - The Chrome browser picks up the HTTP proxy settings configured on the host computer. If you are using Chrome, you can open your computer's built-in browser and follow the instructions for configuring that. If you aren't sure where the built-in proxy settings are, open Chrome, go to the Customize menu, select Settings, click on "Show advanced settings", and click the "Change proxy settings ..." button. This will open the relevant configuration options for your host computer.
Firefox - Go to the Firefox menu, click on Options, click on Advanced, go to the Network tab, and click on the Settings button in the Connection section. Select the "Manual proxy configuration" radio button. Enter your Burp Proxy listener address in the "HTTP proxy" field (by default, 127.0.0.1). Enter your Burp Proxy listener port in the "Port" field (by default, 8080). Make sure the "Use this proxy server for all protocols" box is checked. Delete anything that appears in the "No proxy for" field. Then click "OK" to close all of the options dialogs. … ”
Step 3:
Download the PortSwigger certificate:
Open a site over HTTPS (e.g. https://www.google.com). When you get the security warning, click "I Understand the Risks" and add a security exception. In that dialog, click the View button.
Confirm that you see a PortSwigger certificate. Go to the Details tab and export it. Save it with a .crt extension.
Step 4:
Create a new Android Virtual Device (Android version > 4.2) with some space on the SD card (to hold the certificate).
Start the AVD and copy the PortSwigger certificate to the SD card:
$ adb push PortSwiggerCA.crt /sdcard/
Step 5:
Install the certificate on the device:
Go to Settings -> Security and select the option to install a certificate from the SD card. It might ask you to set up a PIN while doing so.
Step 6:
Check that the certificate and proxy are working:
Close the AVD and start it from the command line using the following command:
$ emulator -avd <name of your device> -http-proxy http://127.0.0.1:8080
In Burp Suite, go to the Proxy tab and switch Intercept on.
Open any website in the emulator and check that the proxy is working.
Step 7:
Install the APK to test:
Restart the AVD without the proxy.
Install your APK file using the command:
$ adb install filename.apk
Step 8:
Restart the emulator with the proxy on:
$ emulator -avd <name of your device> -http-proxy http://127.0.0.1:8080
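The command-line parts of Steps 3 to 6 can be guarded with a pre-flight check; the script below is an added example, not part of the original post. It refuses to push the exported file unless it is the self-signed PortSwigger CA (rather than a per-site certificate Burp generated, or a site's real certificate) and a listener answers on 127.0.0.1:8080. It assumes openssl, nc and adb are on the PATH, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks before pushing the exported CA to the AVD.
# Assumes openssl, nc and adb are on PATH; function names are hypothetical.
BURP_HOST=127.0.0.1   # Burp Proxy listener defaults quoted in Step 2
BURP_PORT=8080

# Print "PEM", "DER" or "unknown" for the file exported in Step 3.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "3082" ]; then
        echo DER   # DER X.509 starts with SEQUENCE + 2-byte length: 30 82
    else
        echo unknown
    fi
}

# stdin: output of `openssl x509 -noout -subject -issuer -text`.
# Prints "ok" only for a self-signed PortSwigger CA certificate.
classify_cert() {
    awk '
        /^subject=/ { s = substr($0, 9) }
        /^issuer=/  { i = substr($0, 8) }
        /CA:TRUE/   { ca = 1 }
        END {
            if (s !~ /PortSwigger/)  print "not-portswigger"  # traffic did not pass through Burp
            else if (s != i || !ca)  print "leaf-not-ca"      # per-site cert, not the CA
            else                     print "ok"
        }'
}

# Classify the exported file, whichever encoding the browser wrote.
inspect_cert() {
    fmt=$(cert_format "$1")
    [ "$fmt" = unknown ] && { echo "not-a-certificate"; return 0; }
    openssl x509 -inform "$fmt" -in "$1" -noout -subject -issuer -text | classify_cert
}

main() {
    cert=$1
    verdict=$(inspect_cert "$cert")
    [ "$verdict" = ok ] || { echo "refusing to push $cert: $verdict" >&2; return 1; }
    nc -z "$BURP_HOST" "$BURP_PORT" ||
        { echo "no Burp listener on $BURP_HOST:$BURP_PORT" >&2; return 1; }
    adb push "$cert" /sdcard/
    echo "next: emulator -avd <name of your device> -http-proxy http://$BURP_HOST:$BURP_PORT"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Saved as preflight.sh (a hypothetical name), run it as "sh preflight.sh PortSwiggerCA.crt" once the AVD from Step 4 is running.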