Setting up an Android emulator for pentest

Step 1: Download and Install Android Studio

Download the latest version of Android Studio (2024.2.2) from the official website and install it on your system.

Step 2: Create a Virtual Device

  1. Open Android Studio and navigate to AVD Manager.
  2. Click on Create Virtual Device.
  3. Select Pixel 8 as the device.
  4. Go to x86 Images and choose the following:
   - Release Name: S
   - API Level: 31
   - Architecture: x86_64
   - Android Version: 12.0
   - Type: Default Android System Image (AOSP - Android Open Source Project)
  5. Complete the setup and launch the emulator.

Step 3: Root the device with Magisk

To gain root access, install Magisk using the following steps:

  1. Download rootAVD from GitHub.

  2. Open a terminal and list all available AVDs:

    rootAVD.bat ListAllAVDs
    
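  3. Select the image used by your virtual device and run the command with the path to its ramdisk.img. The path below is an example; replace it with the one listed for your AVD and omit the angle brackets: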

    rootAVD.bat <system-images\android-34\default\x86_64\ramdisk.img>
    
  4. Restart the emulator

  5. Open the Magisk application. It will ask to restart the phone in order to finish the installation. Confirm, and the emulator will restart automatically.

Step 4: Set up Burp Suite interception

Install MagiskTrustUserCerts

  1. Download MagiskTrustUserCerts v0.4.1 from NVISO GitHub.
  2. Transfer the module to the emulator:
    adb push ./AlwaysTrustUserCerts.zip /sdcard/
    
  3. Open the Magisk app on the emulator:
    • Go to Modules > Install from storage.
    • Select AlwaysTrustUserCerts.zip.
    • Reboot the emulator.
  4. Verify that the module is activated in Magisk after reboot.

Download Burp Suite certificate

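  1. Open a browser on the emulator and navigate to the Burp Suite proxy listener (10.0.2.2 is the emulator's alias for the host machine's loopback interface):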
    http://10.0.2.2:8080
    
    Download the Burp Suite certificate.
  2. Alternatively, download it from your host machine:
    http://127.0.0.1:8080
    
    Transfer it to the emulator using:
    adb push ./cacert.der /sdcard/
    

Install the certificate

  1. Install the certificate manually on the emulator:
    • Settings > Security > Encryption & Credentials > Install a Certificate > CA Certificate
    • Select INSTALL ANYWAY and choose cacert.der.
  2. Verify the certificate installation:
    • Settings > Security > Encryption & Credentials > Trusted Credentials > User
  3. Restart the emulator twice to allow MagiskTrustUserCerts to move the certificate from User to System.
    • Before each restart, confirm that:
      • The certificate is still listed under User Certificates.
      • The MagiskTrustUserCerts module is active.
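
To confirm that the certificate really reached the system store after the two restarts, the following added example (not part of the original guide or of MagiskTrustUserCerts) computes the file name Android gives a CA certificate and looks for it on the emulator. It assumes the API 31 image keeps system CAs in /system/etc/security/cacerts and that adb is on the PATH; the function names are illustrative.

```python
import hashlib
import subprocess
import sys

SYSTEM_STORE = "/system/etc/security/cacerts"  # assumption: system CA directory on the API 31 image

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_der(cert):
    """Return the DER-encoded subject Name (header included) of an X.509 certificate."""
    _, pos, _ = _read_tlv(cert, 0)       # Certificate ::= SEQUENCE
    _, pos, _ = _read_tlv(cert, pos)     # TBSCertificate ::= SEQUENCE
    tag, _, end = _read_tlv(cert, pos)
    if tag == 0xA0:                      # optional explicit [0] version field
        pos = end
    for _ in range(4):                   # skip serialNumber, signature, issuer, validity
        _, _, pos = _read_tlv(cert, pos)
    _, _, end = _read_tlv(cert, pos)
    return cert[pos:end]

def android_cert_filename(cert):
    """File name Android uses for a CA: OpenSSL's subject_hash_old plus '.0'."""
    digest = hashlib.md5(subject_der(cert)).digest()
    # First four MD5 bytes read little-endian; '.0' is the index when no other cert shares the hash.
    return "%08x.0" % int.from_bytes(digest[:4], "little")

def in_system_store(cert, listing=None, adb="adb"):
    """True if the certificate's file name appears in the system store listing."""
    if listing is None:  # no listing supplied: ask the running emulator
        listing = subprocess.run([adb, "shell", "ls", SYSTEM_STORE],
                                 capture_output=True, text=True, check=True).stdout
    return android_cert_filename(cert) in listing.split()

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:  # e.g. the cacert.der exported from Burp Suite
        der = fh.read()
    print(android_cert_filename(der), "in system store:", in_system_store(der))
```

Run it with the path to cacert.der as the only argument while the emulator is running. If it reports False, check that the module is still active and the certificate is still listed under User before restarting again.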

Configure the proxy for Burp Suite

To route all traffic through Burp Suite, set up the proxy:

    adb shell settings put global http_proxy 10.0.2.2:8080

To disable the proxy:

    adb shell settings put global http_proxy :0

Your Android Studio pentesting emulator is now set up with Burp Suite interception! 🎯