M 141: Burp with Android Studio's Emulator (20 pts)

What You Need for This Project

• A computer with Android Studio and an emulator installed, which you prepared in a previous project.

Purpose

Installing Burp

In a Web browser, go to https://portswigger.net/burp/communitydownload

Download the Community Edition and install it.

Ubuntu Users If you are using Ubuntu, execute these commands: cd cd Downloads ls -l You should see the name of the downloaded file, which should be something like burpsuite_free_v1.6.01.jar. Use that name in the commands below: cd cd Downloads sudo mkdir /opt/burp sudo mv burpsuite_free_v1.6.01.jar /opt/burp cd /opt/burp sudo touch burp sudo chmod 777 burp sudo echo "java -jar burpsuite_free_v1.6.01.jar" > burp ./burp

Warning If you run Burp in Kali, it seems not to properly export the certificate and Chrome on Android refuses to accept it. It can be imported but Chrome gives an error when opening secure pages anyway. We succeeded by running Burp directly on the host system instead (Mac OS).

Starting Burp

In the next page, click the Start Burp button.

The main Burp window opens, as shown below.

Click the Proxy tab. Click the Intercept sub-tab.

The third button says "Intercept is on", as shown below.

Configuring Burp

On the Proxy tab, click the Options sub-tab.

In the central box, click the Interface address to highlight it, as shown below.

On the left side, click the Edit button.

In the "Edit proxy listener" box, click the "Specific address" button, and select your computer's IP address that is used to connect to the Internet, as shown below.

Click OK.

Burp shows a proxy listener on your IP address and port 8080, as shown below.

Make a note of this address--you will need it below.

Adjusting Android Networking to Use the Burp Proxy

Click Settings.

In Settings, click "Network & internet".

Click Wi-Fi.

In the AndroidWiFi line, click the gear icon, outlined in red in the image below.

In the "Network details" screen, at the top right, click the pencil icon, outlined in red in the image below.

In the "AndroidWifi" page, in the "Proxy" field, click the down-arrow and click Manual.

Enter the IP address and port number of the Burp proxy listener, as shown below.

On your Android device, click Save.

At the bottom center of the device, click the round Home button.

Testing the Proxy

hackazon.samsclass.info

A "Hackazon" shopping site opens, as shown below.

M 141.1: Server (10 pts) In Burp, on the Proxy tab, click the "HTTP history" sub-tab. Scroll down and the GET request that loads hackazon.samsclass.info as shown below. Click the GET request. In the lower left pane, click Response. Find the text covered by a green box in the image below. That's the flag.

Opening a Secure Page

https://samsclass.info The browser does nothing, as shown below. It's a lousy browser, which is why we installed Chrome.

Opening a Secure Page in Chrome

When you see the "Sign in to Chrome" page, click "NO THANKS".

In Chrome, go to

https://samsclass.info

A warning message appears, saying "Your connection is not private", as shown below. Notice the specific error shown: NET:ERR_CERT_AUTHORITY_INVALID. This happens because Burp is performing a man-in-the-middle attack with a self-signed certificate.

Exporting the PortSwigger CA Certificate from Burp

We want to add PortSwigger as a trusted certificate authority to get rid of these messages.

In Burp, click the Proxy tab.

Click "Proxy Setttings".

Click the "Import /export CA certificate..." button.

In the "CA Certificate" box, in the Export setion, click the "Certificate in DER format" button, as shown below.

Click Next.

On the next page, click the "Select file..." button. Navigate to a folder you can find, such as your Desktop.

Give the file a name of portswigger2022.crt.

Click Next. Click Close.

Installing the PortSwigger CA Certificate into Android

A message appears, saying "File copied".

Importing the Portswigger Certificate

Click Advanced. Click "Encryption & Credentials".

Click "Install a certificate", as shown below.

Click "CA certificate". Click "Install anyway".

In the next screen, at the top left, click the three-bar icon, outlined in red in the image below.

Click Downloads.

In the Downloads window, click portswigger2022.crt, as shown below.

A message says "CA Certificate Installed".

Opening a Secure Page Again

https://samsclass.info The page opens, as shown below.

Viewing HTTPS Requests in Burp

M 141.2: Server (10 pts) In Burp, on the Proxy tab, click the "HTTP history" sub-tab. Find the line that shows the https://samsclass.info page loading, as shown below. Click that line. In the lower pane, click the Response tab. Find the text covered by a green box in the image above. That's the flag.

Adjusting Android to Bypass the Proxy

From the Android home screen, click the circle at the bottom center.

Open Settings.

In Settings, click "Network & internet".

Click Wi-Fi.

In the AndroidWiFi line, click the gear icon.

In the "Network details" screen, at the top right, click the pencil icon.

In the "AndroidWifi" page, in the "Proxy" field, click the down-arrow and click None.

Then click Save.