Tech Note: Installing Burp Certificate on Android 9

Note: this technique does not work on Android 10. At this point, I am unsure of how to make /system writable to copy the certificate into the trusted store.

After setting up a proxy and configuring a device, normally you can navigate to http://burp and download the certificate for installation. This did not work for me when running Android 9.

To install the certificate on an Android 7 or above device I had to export the certificate from Burp in DER format.

Screen Shot 2017-12-12 at 10.35.39 AM

Once the certificate is exported it must be converted from DER to PEM format.

openssl x509 -inform DER -in burp.der -out burp.pem

Rename the certificate using the subject hash.

openssl x509 -inform PEM -subject_hash_old -in burp.pem |head -1

mv burp.pem <output_from_prevous_command>.0

Copy the file <subject_hash>.0 into /sdcard on the android device.

./adb push /path/to/file/<subject_hash>.0 /sdcard/

Remount /system as read/write. This requires a rooted Android device or emulator.

./adb shell su -c “mount -o rw,remount,rw /”

Open a shell on the Android device.

./adb shell

Once the shell is loaded, move the file into the trusted certificate store, set correct permissions, and reboot the device.

cp <subject_hash>.0 /system/etc/security/cacerts

chmod 644 /system/etc/security/cacerts/<subject_hash>.0

reboot

Tech Note: SSH to Jailbroken iOS Device (10.2)

You can not connect to ssh over wifi with the 10.2 jailbreak. You need to ssh over USB. They are several options but the easiest is to use iproxy.

  1. Install iproxy
    brew install libimobiledevice
  2. On the terminal run the following command.
    iproxy 2222 22
    This will enable you to forward all traffic from port 2222 to port 22 over USB
  3. Now you can connect to the iPhone by running ssh
    ssh root@localhost -p 2222 

Notice you connect to localhost not the ip address of your phone. If everything went well, you should be presented with the ssh prompt.

Tech Note: Installing Burp Certificate on Android

Note: I have an updated post on installing the Burp certificate on newer versions of Android. See Tech Note: Installing Burp Certificate on Android 9.

After setting up a proxy and configuring a device, normally you can navigate to http://burp and download the certificate for installation.  This did not work for me when running Android 6.0.1.

To install the certificate on an Android device I had to export the certificate from Burp in DER format.  After that I was able to import the certificate without any problems.

Screen Shot 2017-12-12 at 10.35.39 AM

  1. Open Burp
  2. Navigate to Proxy -> Options -> Import / export CA certificate
  3. Select Certificate in DER format
  4. Export the certificate
  5. Copy the certificate to the Android device
  6. Install the certificate by navigating to Settings -> Wi-Fi – More options -> Advanced -> Install certificates
  7. Select the certificate and give it a name

Once the certificate is installed you can proxy SSL/TLS traffic as expected.

Tech Note: Public Key Cryptography

Four rules that are core to the use of public key cryptography and digital signatures:

  • When encrypting a message, use the recipient’s public key
  • When decrypting a message that you have received, use your private key
  • To digitally sign a message that you are sending to someone, use your private key
  • To verify the signature on a message sent to you by someone, use the sender’s public key