Android Pentesting Setup On Macbook M1

Ajay Magar
Published in InfoSec Write-ups, Apr 9, 2022 (3 min read)

Hello hackers,

As we know, for Android pentesting we need either a physical device or an emulator. When I started learning Android pentesting I referred to videos and blogs on the internet, and everyone suggested the Genymotion emulator. After using it for some time I noticed that it is x86-based, so we can't test apps built for x64. Also, Flutter-based apps have built-in SSL pinning. Recently I moved to a MacBook M1 for my full-time pentesting. The M1 chip doesn't support virtualization, so there is no VirtualBox, and Genymotion depends on VirtualBox: without it, Genymotion is not going to work. After some research I found a better way than Genymotion.

For the emulator I chose Android Studio, which ships with its own virtual devices. Download the latest Android Studio from the official site. For installation you can refer to any YouTube video; it's simple.

Android Studio Bumblebee 2021.1.1 Patch 3

https://developer.android.com/studio?gclid=CjwKCAjw3cSSBhBGEiwAVII0Z4hEm14aycDbNNrS0fAwH9rI-Ge77EObpqD6V_6DnppYgICNQEfk7BoCKPkQAvD_BwE&gclsrc=aw.ds

After installation, open Android Studio and create one virtual device.

I chose a Pixel 2 with API level 32, arm64-v8a.

Every modern app supports this configuration.

After creating the device, copy its name to the clipboard. Go to /Users/yourName/Library/Android/sdk/emulator and start the emulator with this command:

./emulator -avd Pixel2 -writable-system

Pixel2 is my custom device name; in your case it will be different. To find your device name, run ./emulator -list-avds. The -writable-system flag is very important, because it is what lets us install the Burp certificate into /system later.

Now comes the most important part: installing the Burp Suite certificate as a system-level trusted CA. This is a permanent solution to SSL pinning.

All trusted CAs are stored under /system/etc/security/cacerts on Android. With root privileges and a few modifications, we can add our own certificate there.

Export and convert the Burp CA. The first step is to get the Burp CA into the right format. In Burp Suite, export the CA certificate in DER format; I saved it as cacert.der.

Android wants the certificate in PEM format, with a filename equal to its subject_hash_old value followed by .0.

Use openssl to convert DER to PEM, then print the subject_hash_old and rename the file accordingly:

openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
9a5ba575   # the hash value printed by the previous command
mv cacert.pem 9a5ba575.0   # rename the file to <hash>.0
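To show what the -subject_hash_old step above actually computes (and why the file must be renamed to that exact value), here is an added example in pure Python, not part of the original post: it walks the DER certificate to the subject Name, hashes it the way OpenSSL's X509_NAME_hash_old does (MD5 of the encoded Name, first four bytes read as a little-endian integer), and returns the cacerts file name. The sample_cert helper builds a constructed, unsigned certificate skeleton only so the code can run offline; the real input is the exported cacert.der.

```python
import hashlib

def _tlv(buf, pos):
    """Return (tag, header_len, body_len) of the DER element at buf[pos]; single-byte tags only."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def extract_subject_der(cert_der):
    """Walk Certificate -> tbsCertificate and return the DER bytes of the subject Name (RFC 5280 order)."""
    tag, hl, _ = _tlv(cert_der, 0)               # Certificate ::= SEQUENCE { tbsCertificate, ... }
    tag2, hl2, _ = _tlv(cert_der, hl)            # tbsCertificate ::= SEQUENCE { ... }
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER X.509 certificate")
    pos = hl + hl2
    tag, hl, ln = _tlv(cert_der, pos)            # version [0] EXPLICIT is optional
    if tag == 0xA0:
        pos += hl + ln
    for _ in range(4):                           # skip serialNumber, signature, issuer, validity
        _, hl, ln = _tlv(cert_der, pos)
        pos += hl + ln
    tag, hl, ln = _tlv(cert_der, pos)            # subject Name ::= SEQUENCE, returned with its header
    if tag != 0x30:
        raise ValueError("subject Name not found")
    return cert_der[pos:pos + hl + ln]

def subject_hash_old(name_der):
    """What `openssl x509 -subject_hash_old` prints: MD5 of the DER Name, first 4 bytes as a little-endian uint32."""
    return "%08x" % int.from_bytes(hashlib.md5(name_der).digest()[:4], "little")

def android_cacert_filename(cert_der):
    """File name Android expects under /system/etc/security/cacerts/ for this certificate."""
    return subject_hash_old(extract_subject_der(cert_der)) + ".0"

def _der(tag, body):
    """Tiny DER encoder (body < 256 bytes), used only to build the constructed sample below."""
    hdr = bytes([tag, len(body)]) if len(body) < 0x80 else bytes([tag, 0x81, len(body)])
    return hdr + body

def sample_cert(cn):
    """CONSTRUCTED sample, not a real CA: an X.509 skeleton cut off after the subject, with a dummy signature."""
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    name = _der(0x30, _der(0x31, _der(0x30, _der(0x06, bytes.fromhex("550403")) + _der(0x0C, cn.encode()))))
    validity = _der(0x30, _der(0x17, b"220409000000Z") + _der(0x17, b"320409000000Z"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + sha256_rsa + name + validity + name)
    return _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00" + b"\xaa" * 16)), name
```

On the real export, android_cacert_filename(open("cacert.der", "rb").read()) returns the same <hash>.0 name that the openssl pipeline above produces, so you can cross-check the rename before pushing the file.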

Copy the certificate to the device. We can use adb to copy the certificate over, but since it has to go onto the /system filesystem, we have to remount that as writable. As root, this is easy with adb remount, provided the emulator was started with -writable-system:

./emulator -avd Pixel2 -writable-system   # -writable-system is required for this step

adb root
adb remount
adb push 9a5ba575.0 /sdcard/

Then drop into a shell (adb shell), move the file to /system/etc/security/cacerts and chmod it to 644:

mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/9a5ba575.0

Now reboot the emulator with adb reboot and start proxying with Burp Suite.

Copy the IPv4 address of your machine, open Extended Controls in the emulator, go to the Proxy tab, select Manual proxy configuration, and set the hostname and port to match your Burp Suite listener configuration.

We are good to go now.

Happy Hacking …..!
