Setup Android VirtualBox for Pen-testing

Setup Android VM .iso

Setup ssh client

  • Download termux from Google Play

  • Install OpenSSH (provides the sshd server and the ssh client)

    install

    pkg install openssh

    launch

    sshd

  • Copy your ssh public key into server

    On Android, connect back to your host

    ssh dev@192.168.56.1 "cat ~/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keys

  • Try to access root on ssh session
    ssh 192.168.56.109 -p 8022
    su


Setup burp with a new cert valid for 365 days

  • Generate a new cert valid for 365 days
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt

    openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt

  • import it into burp

Import burp cert to Android

  • You need an Ubuntu/Kali machine to run the openssl conversion

    openssl x509 -inform DER -in cacert.der -out cacert.pem
    cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0
    ls -la
    
    # You should now have a file named with the hash, ending in .0
    total 8
    drwxr-xr-x  3 dev  staff  102 Jan 28 15:50 .
    drwx------+ 7 dev  staff  238 Jan 28 15:46 ..
    -rw-r--r--  1 dev  staff  953 Jan 28 15:50 870dad47.0
    
  • Send it back to your android

    scp -P 8022 870dad47.0 192.168.56.109:~/
    ssh 192.168.56.109 -p 8022
    pwd
    su
    
    # install it into the system trusted CA store
    cp /data/data/com.termux/files/home/870dad47.0  /system/etc/security/cacerts
    cd /system/etc/security/cacerts
    chmod 644 870dad47.0
    chown root:root 870dad47.0
    
    # reboot for the change to take effect
    reboot
    reboot
    

Check that it works

  • Setup proxy connection in Wifi settings
  • Go to any https site on Android and see if it's working