Burp Suite is an essential tool for both penetration testers and developers. It allows you to intercept and modify HTTP requests. Since most modern mobile applications communicate with servers via APIs, installing the Burp Suite certificate on your device is crucial.
Disclaimer
For this demo, I will be using Genymotion.
By default, Genymotion comes with root access on certain Android versions. Check this for more details.
Prerequisites
First, obtain the Burp Suite certificate. Open Burp Suite, go to the Proxy tab, then Proxy Settings. Click Import / Export CA Certificate, export it in DER format, and save it with a .crt extension (e.g., burp.crt).
Install Burp Suite Certificate
Next, you need to convert the Burp Suite certificate into PEM format.
Run the following command:
openssl x509 -inform DER -in burp.crt -out burp.pem
Then, rename the certificate file using its hash value. Make sure to append .0 as the extension:
openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1
mv burp.pem <hash>.0
Tip
If you encounter “Read-Only” errors on the file system, run
adb remountfirst, thenadb shell.
Now, push the renamed file into the device. First, remount the partitions with read-write access:
adb remount
adb push <hash.0> /system/etc/security/cacerts/
Set the correct file permissions (644) and reboot the device:
adb shell chmod 664 /system/etc/security/cacerts/<hash.0>
After rebooting, go to Settings > Trusted Credentials and check that the Burp Suite certificate is now listed under System-level certificates.
At the top of the emulator screen, you’ll see the device’s IP address. You need this IP for configuring the Burp Suite proxy. In my case, it is 192.168.56.107.
Configuring Burp Suite Proxy
First, open Burp Suite, navigate to the Proxy tab, and go to Proxy Settings. Click Add, select the IP address used by Genymotion, and set a port number (e.g., 192.168.56.1:8081).
Next, open WiFi settings in Emulator, click the settings icon, then tap the pencil icon to edit the connection.
Select Proxy: Manual, enter the proxy listener details, and click Save.
To verify the setup, open a browser on your device and visit https://example.com. If everything is configured correctly, the request should be successfully proxied through Burp Suite.
