====== Android Emulator ======

===== Installation =====
  # Download from https://developer.android.com/studio
  $ wget https://redirector.gvt1.com/edgedl/android/studio/ide-zips/4.0.1.0/android-studio-ide-193.6626763-linux.tar.gz
  $ tar -xvf *.gz

  $ /opt/android-studio/bin/studio.sh
    Tools > AVD Manager
    Create Virtual Device > Phone > Pixel 3a > Next
    x86 Images > Pie (28, Android 9.0 (Google APIs)) > Finish
    * Do not download Google Play (cannot root)

===== Running =====
  $ ~/Android/Sdk/tools/emulator -avd Pixel_3a_API_28 -writable-system -selinux disabled -qemu -enable-kvm  

===== ADB =====
  $ cd ~/Android/Sdk/platform-tools
  $ ./adb remount
  $ ./adb root
  $ ./adb shell

===== Install Google Play =====
  $ ./adb shell
  $ ls system/priv-app/
    GoogleLoginService
    GoogleServicesFramework
    PrebuiltGmsCore
  # go to https://opengapps.org
    Platform > x86 > 9.0 > pico
  $ sudo apt-get install lzip
  $ unzip *.zip
  $ cd Core
  $ tar -xf vending-x86_64.tar.lz 
  $ tar -xf gsflogin-all.tar.lz  # provides GoogleLoginService
  $ tar -xf gsfcore-all.tar.lz   # provides GoogleServicesFramework
  $ tar -xf gmscore-x86.tar.lz   # provides PrebuiltGmsCore
  $ ./adb push /home/user1/Downloads/Core/vending-x86_64/nodpi/priv-app/Phonesky/Phonesky.apk /system/priv-app/

  # restart adb
  $ ./adb shell stop && ./adb shell start 

===== Installing Burpsuite Certificate onto rooted Android =====

Download Burpsuite from https://portswigger.net/burp/releases/professional-community-2020-9-1

  # Run Burpsuite
  ./BurpSuiteCommunity

  # Export Certificates from Burpsuite
  BurpSuite > Proxy > Options > Proxy Listeners
    Running: [x]
    Interface: *:8080
    Certificate: Per-host
    TLS Protocols: Default
    Import / export CA Certificate
    Export [x] Certificate in DER format
  $ openssl x509 -inform DER -in Burp.der -out cacert.pem
  $ openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1
    9a5ba575
  $ mv cacert.pem 9a5ba575.0
  $ ./adb push ~/Documents/9a5ba575.0 /system/etc/security/cacerts/
  $ ./adb shell
  $ ls -al /system/etc/security/cacerts/9a5*
    -rw-r--r-- 1 root root 1326 2020-09-17 17:08 /system/etc/security/cacerts/9a5ba575.0

  # Verify cert is on the phone
  Settings > Security > Trusted Credentials
    Portswigger CA

===== Set up Proxy on Android =====
  WirelessSSID > Advanced
  Proxy hostname: 192.168.0.103 (IP of computer burpsuite is running on)
  Proxy port: 8080