Android Security Auditing with Genymotion and Burp

What You Need for This Project

Purpose

To get Genymotion and Burp working, so you can easily install apps from Google Play and audit their security.

Genymotion is a very nice, luxurious Android virtual machine, more convenient and efficient than the emulator Google Studio provides or the VirtualBox installation you made in the earlier projects.

Dowloading Genymotion

In a Web browser, go to

https://www.genymotion.com/#!/

Click "Get Genymotion".

Scroll to the bottom of the "Free" column and click Download.

In the next screen, click "Get Genymotion (59.08 MB)"

If you are using a PC, click "Get Genymotion without VirtualBox".

A "Sign in" box pops up.

Click the "Create Account" button.

Make up a username and password, and enter a valid email account. (You may use mailinator if you wish.)

Accept the terms and click "Create account".

Click the link in your email.

Once your account is working, click Continue to download genymotion.

Installing Genymotion and a Virtual Device

Install the software with the default options.

After it starts, it asks if you want to add a new virtual device. Click Yes.

Sign in with your Genymotion account to see available devices.

Select Google Galaxy Nexus - 4.3 - API 18 - 720x1280". Click Next twice.

The virtual device downloads (about 150 MB).

Click Finish.

In Genymotion, you now see a virtual device, as shown below.

Configuring Genymotion Settings

In the Genymotion window, click Settings.

In Settings, on the General tab, make sure your Genymotion username and password are entered, as shown below.

On the ADB tab, fill in the SDK Path for your host system, as shown below.

To find your SDK path, open Android Studio and click Tools, Android, "SDK Manager".
On a Windows system, the path will be something like this:
C:\Users\student\AppData\Local\Android\sdk

Click OK.

Note: the Network tab here is used to configure an interface that is used only for Genymotion updates, not for Internet traffic to the Android device. Just ignore it.

Starting the Genymotion Device

In the Genymotion window, click Start.

The Android device starts up. Swipe up with the mouse to see the Home Screen, as shown below.

Installing Play Store: File 1

To get Play Store on the Genymotion device, you need to install two files.

On your host computer, in a Web browser, download this file. It's about 9.4 MB in size.

https://samsclass.info/128/proj/Genymotion-ARM-Translation_v1.1.zip

After the download completes, drag the file and drop it onto the Genymotion Android home screen.

A dialog will appear and show a file transfer in progress, then another dialog will appear and ask if you want to flash it on the emulator.

Click OK.

A box will appear telling you to reboot the device.

Rebooting the Android Device with ADB

On your host machine, open a Terminal or Command Prompt window.

Execute these commands, changing the path in the first command to your correct SDK path.

NOTE: If you are using Windows, remove the "./" before "adb".

cd /Users/sambowne/Library/Android/sdk

cd platform-tools

./adb devices -l

Note that the last command ends in the a lowercase letter "L", not the numeral "1".

You should see the Nexus device listed, as shown below.

Execute this command to reboot the Nexus.

./adb reboot

Installing Play Store: File 2

On your host computer, in a Web browser, download this file. It's about 92 MB in size.

https://samsclass.info/128/proj/gapps-jb-20130813-signed.zip

After the download completes, drag the file and drop it onto the Genymotion Android home screen.

A dialog will appear and show a file transfer in progress, then another dialog will appear and ask if you want to flash it on the emulator.

Click OK.

A box will appear telling you to reboot the device.

Rebooting the Android Device with ADB

On your host machine, in a Terminal or Command Prompt window, execute this command to reboot the Nexus.
./adb reboot

Finding Play Store

When the Genymotion machine restarts, swipe up to see the Home Page.

Click the circle at the bottom center.

Drag the screen to the left to get to the second page of apps.

you should see "Play Store", as shown below.

Troubleshooting

If Play Store doesn't appear, you may need to reboot again or even reinstall one or both of the packages.

If you still have problems, consult this page:

How to install Google Play Services in a Genymotion VM

Launching Play Store

Launch "Play Store".

When you are prompted to, log in with a Gmail account.

The Play Store opens, as shown below.

Find your Host Computer's IP Address

In your host system, open a Terminal or Command Prompt.

If you have a PC, execute the ipconfig command.

If you have a Mac, execute the ifconfig command.

Find the IP address of the interface that goes to the Internet and make a note of it.

Installing Burp

Burp is a very popular proxy, enabling you to view and alter network traffic.

In a Web browser, go to http://portswigger.net/burp/download.html

At the bottom of the "Free Edition" column, click "Download now".

A "burpsuite_free_v1.6.jar" file downloads. Double-click it to launch it.

Burp opens, as shown below.

Configuring Burp

On your host system, launch Burp.

In Burp, click the Proxy tab.

Click the Intercept sub-tab.

Click the "Intercept is on" button, so it shows "Intercept is off", as shown below.

Click the Options sub-tab.

If any listeners are running, clear their check-boxes to stop them, as shown below.

Click the Add button.

In the "Add a new listener" box, in the "Bind to port" field, enter 8080.

In the "Specific address" list box, select your host computer's IP address that you determined earlier, as shown below.

Click OK.

Burp should now show a listener on your IP address and port 8080, as shown below.

Click the Target tab.

Click the Scope sub-tab.

In the "Include in scope" section, clear all the check boxes, as shown below.

Click the Add button.

In the "Add URL to include in scope" box, click OK.

Burp now shows a scope of "any", as shown below.

Adjusting Android Networking

From the Android home screen, click the circle at the bottom center.

Drag the screen to the left to see the second page of apps.

Click Settings.

In Settings, click Wi-Fi.

Click and hold WiredSSID until a box pops up.

Click on "Modify network".

Check the "Show advanced options" box and select Manual from the Proxy Settings menu.

Enter your host machine's IP address in the "Proxy hostname" field, and 8080 in the "proxy port" field, as shown below.

Then click Save.

Testing the Proxy

In the Android device, open Browser and go to

http://attack.samsclass.info

"Vulnerable Pages" opens, as shown below.

In Burp, click the Proxy tab.

Click the "HTTP history" sub-tab.

Find the line that shows the http://attack.samsclass.info page loading, as shown below.

Opening a Secure Page

In the Android device, open Browser and go to

https://samsclass.info

A "Security warning" box pops up, as shown below.

Click "View certificate".

This certificate is from "PortSwigger", the makers of Burp, as shown below.

Exporting the PortSwigger CA Certificate from Burp

This is HTTPS working as it should, warning you that you do not have a secure connection to the end site. Burp is intercepting the traffic.

We want to add PortSwigger as a trusted certificate authority to get rid of these messages.

In Burp, click the Proxy tab.

Click the Options sub-tab.

Click the "CA certificate..." button.

In the "CA Certificate" box, click the "Certificate in DER format" button, as shown below.

Click Next.

Save the certificate somewhere you can find it, such as on your Desktop.

Give it a name of portswigger.cer, as shown below.

Click Save.

Click Next. Click Close.

Installing the PortSwigger CA Certificate into Android

Drag the portswigger.cer file and drop it on the Android home page.

A message appears, saying "Files successfully copied to sdcard/Download", as shown below.

Click OK.

From the Android home screen, click the circle icon in the bottom center.

Drag the screen to the left to see the second page of apps.

Click Settings.

In Settings, scroll down and click Security.

In Security, scroll down and click "Install from SD card", as shown below.

A box pops up titled "Name the certificate".

Click OK.

If you have a PIN configured, you will have to enter it.

A box pops up, saying "Portswigger is installed".

Intercepting HTTPS Traffic

In Android, launch the browser.

If you see "Security warning" boxes, click "Go back" until they vanish.

Go to

https://samsclass.info

The page should load without any error messages, as shown below.

Viewing HTTPS Requests in Burp

In Burp, click the Proxy tab.

Click the "HTTP history" sub-tab.

Find the line that shows the https://samsclass.info page loading, as shown below.

Sources

How to install Google Play Services in a Genymotion VM

Android Assessments with GenyMotion + Burp


Last modified 7-29-15