Note: this technique does not work on Android 10. At this point, I am unsure of how to make /system writable to copy the certificate into the trusted store.
After setting up a proxy and configuring a device, normally you can navigate to http://burp and download the certificate for installation. This did not work for me when running Android 9.
To install the certificate on an Android 7 or above device I had to export the certificate from Burp in DER format.
Once the certificate is exported it must be converted from DER to PEM format.
openssl x509 -inform DER -in burp.der -out burp.pem
Rename the certificate using the subject hash.
openssl x509 -inform PEM -subject_hash_old -in burp.pem |head -1
mv burp.pem <output_from_prevous_command>.0
Copy the file <subject_hash>.0 into /sdcard on the android device.
./adb push /path/to/file/<subject_hash>.0 /sdcard/
Remount /system as read/write. This requires a rooted Android device or emulator.
./adb shell su -c “mount -o rw,remount,rw /”
Open a shell on the Android device.
Once the shell is loaded, move the file into the trusted certificate store, set correct permissions, and reboot the device.
cp <subject_hash>.0 /system/etc/security/cacerts
chmod 644 /system/etc/security/cacerts/<subject_hash>.0