Step 1: Download and Install Android Studio
Download the latest version of Android Studio (2024.2.2) from the official website and install it on your system.
Step 2: Create a Virtual Device
- Open Android Studio and navigate to AVD Manager.
- Click on Create Virtual Device.
- Select Pixel 8 as the device.
- Go to x86 Images and choose the following:
  - Release Name: S
  - API Level: 31
  - Architecture: x86_64
  - Android Version: 12.0
  - Type: Default Android System Image (AOSP - Android Open Source Project)
- Complete the setup and launch the emulator.
Step 3: Root the device with Magisk
To gain root access, install Magisk using the following steps:
- Download rootAVD from GitHub.
- Open a terminal and list all available AVDs:
rootAVD.bat ListAllAVDs
- Select the image used by your virtual device and run the command:
rootAVD.bat <system-images\android-34\default\x86_64\ramdisk.img>
- Restart the emulator.
- Open the Magisk application. It will ask to restart the phone in order to finish the installation. Confirm, and the emulator will restart automatically.
Step 4: Set up Burp Suite interception
Install MagiskTrustUserCerts
- Download MagiskTrustUserCerts v0.4.1 from NVISO GitHub.
- Transfer the module to the emulator:
adb push ./AlwaysTrustUserCerts.zip /sdcard/
- Open the Magisk app on the emulator:
  - Go to Modules > Install from storage.
  - Select AlwaysTrustUserCerts.zip.
- Reboot the emulator.
- Verify that the module is activated in Magisk after reboot.
Download Burp Suite certificate
- Open a browser on the emulator and navigate to the address below (10.0.2.2 is the emulator's alias for the host's loopback interface, where Burp Suite listens):
http://10.0.2.2:8080
Download the Burp Suite certificate.
- Alternatively, download it from your host machine:
http://127.0.0.1:8080
Transfer it to the emulator using:
adb push ./cacert.der /sdcard/
Install the certificate
- Install the certificate manually on the emulator:
  - Settings > Security > Encryption & Credentials > Install a Certificate > CA Certificate
  - Select INSTALL ANYWAY and choose cacert.der.
- Verify the certificate installation:
  - Settings > Security > Encryption & Credentials > Trusted Credentials > User
- Restart the emulator twice to allow MagiskTrustUserCerts to move the certificate from User to System.
  - Before each restart, confirm that:
    - The certificate is still listed under User Certificates.
    - The MagiskTrustUserCerts module is active.
Configure the proxy for Burp Suite
To route all traffic through Burp Suite, set up the proxy:
adb shell settings put global http_proxy 10.0.2.2:8080
To disable the proxy:
adb shell settings put global http_proxy :0
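To confirm from the host that Step 4 took effect, the following added example (not part of the original guide or of MagiskTrustUserCerts) reads the proxy setting back and checks that every user-installed CA file also appears in the system store. It assumes adb is on the PATH, that Magisk grants su to the adb shell, and that the two store paths are the standard Android locations for API 31.

```python
import subprocess

# Assumed standard Android locations (not stated in the guide).
USER_STORE = "/data/misc/user/0/cacerts-added"
SYSTEM_STORE = "/system/etc/security/cacerts"

def adb_shell(command):
    """Run one command in the emulator's shell and return its stdout."""
    return subprocess.run(["adb", "shell", command], capture_output=True, text=True).stdout

def parse_proxy(raw):
    """Interpret `settings get global http_proxy`; None means no proxy is active."""
    value = raw.strip()
    if value in ("", "null", ":0"):          # ":0" is the value the guide uses to disable
        return None
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected http_proxy value: {value!r}")
    return host, int(port)

def cert_files(listing):
    """Keep only CA entries named <8-hex-digit subject hash>.<index> from an ls listing."""
    names = set()
    for name in listing.split():
        stem, _, suffix = name.rpartition(".")
        if len(stem) == 8 and suffix.isdigit() and all(c in "0123456789abcdef" for c in stem):
            names.add(name)
    return names

def missing_from_system(user_listing, system_listing):
    """User CA files that are not (yet) visible in the system store."""
    return sorted(cert_files(user_listing) - cert_files(system_listing))

def check_emulator(expected=("10.0.2.2", 8080)):
    """Query the running emulator and summarise proxy and certificate state."""
    proxy = parse_proxy(adb_shell("settings get global http_proxy"))
    user = adb_shell(f"su -c 'ls {USER_STORE}'")   # user store needs root to read
    system = adb_shell(f"ls {SYSTEM_STORE}")
    return {"proxy_ok": proxy == expected, "proxy": proxy,
            "user_certs": sorted(cert_files(user)),
            "missing": missing_from_system(user, system)}

if __name__ == "__main__":
    print(check_emulator())
```

An empty `user_certs` list means no user CA was found at all, so an empty `missing` list is only meaningful when `user_certs` is non-empty.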
Your Android Studio pentesting emulator is now set up with Burp Suite interception! 🎯