Android Emulator

# Download from https://developer.android.com/studio
$ wget https://redirector.gvt1.com/edgedl/android/studio/ide-zips/4.0.1.0/android-studio-ide-193.6626763-linux.tar.gz
$ tar -xvf *.gz

$ /opt/android-studio/bin/studio.sh
  Tools > AVD Manager
  Create Virtual Device > Phone > Pixel 3a > Next
  x86 Images > Pie (28, Android 9.0 (Google APIs)) > Finish
  * Do not download Google Play (cannot root)

$ ~/Android/Sdk/tools/emulator -avd Pixel_3a_API_28 -writable-system -selinux disabled -qemu -enable-kvm

$ cd ~/Android/Sdk/platform-tools
$ ./adb remount
$ ./adb root
$ ./adb shell

$ ./adb shell
$ ls system/priv-app/
  GoogleLoginService
  GoogleServicesFramework
  PrebuiltGmsCore
# go to https://opengapps.org
  Platform > x86 > 9.0 > pico
$ sudo apt-get install lzip
$ unzip *.zip
$ cd Core
$ tar -xf vending-x86_64.tar.lz 
$ tar -xf gsflogin-all.tar.lz  # provides GoogleLoginService
$ tar -xf gsfcore-all.tar.lz   # provides GoogleServicesFramework
$ tar -xf gmscore-x86.tar.lz   # provides PrebuiltGmsCore
$ ./adb push /home/user1/Downloads/Core/vending-x86_64/nodpi/priv-app/Phonesky/Phonesky.apk /system/priv-app/

# restart adb
$ ./adb shell stop && ./adb shell start

Download Burpsuite from https://portswigger.net/burp/releases/professional-community-2020-9-1

# Run Burpsuite
./BurpSuiteCommunity

# Export Certificates from Burpsuite
BurpSuite > Proxy > Options > Proxy Listeners
  Running: [x]
  Interface: *:8080
  Certificate: Per-host
  TLS Protocols: Default
  Import / export CA Certificate
  Export [x] Certificate in DER format
$ openssl x509 -inform DER -in Burp.der -out cacert.pem
$ openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1
  9a5ba575
$ mv cacert.pem 9a5ba575.0
$ ./adb push ~/Documents/9a5ba575.0 /system/etc/security/cacerts/
$ ./adb shell
$ ls -al /system/etc/security/cacerts/9a5*
  -rw-r--r-- 1 root root 1326 2020-09-17 17:08 /system/etc/security/cacerts/9a5ba575.0

# Verify cert is on the phone
Settings > Security > Trusted Credentials
  Portswigger CA

WirelessSSID > Advanced
Proxy hostname: 192.168.0.103 (IP of computer burpsuite is running on)
Proxy port: 8080

Android Emulator

Installation

Running

ADB

Install Google Play

Installing Burpsuite Certificate onto rooted Android

Set up Proxy on Android

NetGeekery