
Rooting Android Virtual Device Manager (AVD) for Pentesting


Security testing of mobile applications requires full access to the execution environment, especially when we want to intercept HTTPS traffic with tools like Burp Suite. In this post, I'll show you how to root the Android Studio emulator (AVD) and properly install the Burp certificate. This process is key to performing security analysis and debugging in a controlled environment, without the need to use a physical device.

Android Studio
Virtual device manager
SDK
Android Debug Bridge (ADB)
Add it to the system PATH
Burp Suite
You must add a new device by clicking on the "+" button.

Opening Virtual Device Manager in Android Studio

Select the properties you want for the emulator and the API that best suits your application.


Click the + button to add a new virtual device

Select the hardware profile for your virtual device

Choose the system image with API level (in this case API 33)

Verify the configuration settings for your AVD

Once you have created the device, start it. Open a terminal, navigate to the path where you cloned the rootAVD repository, and run ListAllAVDs. In the output, look for the entry that matches the API version, in our case 33.

Run ListAllAVDs to find the API version

Run the command and install Magisk.

Execute the command to install Magisk on the emulator

First part of the rootAVD script execution

Final part of the rootAVD script execution and patching ramdisk

Once the script has finished executing, you must restart the AVD. When it boots up, the "Magisk" application should have been installed.

Android home screen with Magisk app installed

When the application starts, it will require additional configuration, so accept it.

Magisk requires additional setup prompt

The device will restart. Once it has restarted, open a terminal and execute the following, one command after the other: "adb shell" and then "su". At this point, a pop-up window will appear on the device, which we should accept. Then, open Magisk again and update the application.

Grant superuser access to shell

Once root access has been granted to the terminal, run the following command in the same shell to check that we have root permissions on the device: "whoami"

Verifying root access with whoami command

Now open Magisk again and proceed to update the application as follows.

Tap on the Update button in Magisk

Enable installation from this source

Toggle switched on to allow installation

Install the Magisk update

Once the update is complete, the device is available to use in root mode. Now we just need to add the Burp certificate to the device as follows:

• Export the certificate from Burp Suite in .der format.

Export the Burp Suite certificate

Select Certificate in DER format

• Once saved, upload it to the device from the directory where we saved the certificate: "adb push burp_certificate.der /sdcard/Download"

Push the certificate to the device using ADB

• On the device, go to "Settings > Security > More security settings > Encryption and credentials > Install a certificate"

Navigate to Security & privacy in Android settings

Go to More security & privacy settings

Select Encryption & credentials option

Tap on Install a certificate

• Install as a CA Certificate.

Select CA certificate option

Choose the Burp certificate from Downloads

• Check that it has been installed in Trusted credentials.

Go to Trusted credentials in the settings

Verify Burp certificate is installed as a trusted certificate

• Once the certificate has been installed in the user certificates, the AlwaysTrustUserCerts.zip Magisk module must be installed. Download it from the following URL: https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases/ and push it to the device: "adb push AlwaysTrustUserCerts.zip /sdcard/Download"

Push the AlwaysTrustUserCerts module to the device

• Open Magisk and install the module

Go to the Modules tab in Magisk

Install from storage option in Magisk

Select AlwaysTrustUserCerts.zip from Downloads

Confirm the installation of the module

Installation in progress for the certificate trust module

• Once installed, restart the device. The certificate will now appear in the "System" tab of Trusted credentials, and you can view HTTPS traffic via Burp Suite.

Certificate now installed in the System tab

Intercepting HTTPS traffic with Burp Suite
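To confirm from the host that the steps above took effect after the final reboot, the following script is an added example (not part of the original post or of the rootAVD or MagiskTrustUserCerts projects). It checks that "su" returns uid 0 and that every certificate in the user store also exists in the system store. The two store paths (for API 33) and the script name check_avd.sh are assumptions.

```shell
#!/bin/sh
# Added example: post-reboot check for the rooted AVD (not from the original post).
# Assumed paths for API 33: user-installed CAs and the system CA store.
USER_STORE=/data/misc/user/0/cacerts-added
SYSTEM_STORE=/system/etc/security/cacerts

# Run one command as root on the attached emulator and strip carriage returns.
# Kept as a single function so it can be replaced when no device is attached.
dev_root() {
  adb shell "su -c '$1'" | tr -d '\r'
}

# Succeeds only when su hands the adb shell uid 0 (the Magisk prompt was accepted).
check_root() {
  [ "$(dev_root 'id -u')" = "0" ]
}

# Prints every user-store certificate file that is absent from the system store.
# Returns 0 if all are present, 1 if any is missing, 2 if the user store is empty.
missing_in_system() {
  user_certs=$(dev_root "ls $USER_STORE 2>/dev/null")
  system_certs=$(dev_root "ls $SYSTEM_STORE 2>/dev/null")
  [ -n "$user_certs" ] || return 2
  status=0
  for cert in $user_certs; do
    if ! printf '%s\n' "$system_certs" | grep -qxF "$cert"; then
      echo "$cert"
      status=1
    fi
  done
  return "$status"
}

# Run the checks only when called as: sh check_avd.sh --run
if [ "${1:-}" = "--run" ]; then
  check_root || { echo "FAIL: su did not return uid 0"; exit 1; }
  if missing=$(missing_in_system); then
    echo "OK: root shell works and user CAs are in the system store"
  else
    echo "FAIL: not in system store (or no user CA installed): $missing"
    exit 1
  fi
fi
```

A failure on the second check usually means the module was not enabled or the device was not restarted after installing it.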

Important Note:
This tutorial is provided for educational and ethical security testing purposes only.