Install Burpsuite’s or any CA certificate to system store in Android 10,11 and Kali linux.

What is the need to Install certificates in System Trust Store?

While testing or perfoming security analysis of android apps using a proxy tool such as Burp, Zap, mitmprox etc. All the apps by defaults do not trust the user trust store unless explicitly stated in the network security configuration of the app.

An example network-security-config.xml file which trusts the user trust store
  1. Export Burp CA certificate and Save it as burp.der. But it is encoded we need to convert it to PEM format.
  1. Install Magisk module from https://github.com/NVISO-BE/MagiskTrustUserCerts/releases
  2. Transfer the “AlwaysTrustUserCerts.zip” to internal storage or directly download it on the device itself.
  3. Click install from Storage in magisk app, Choose zip of module to be installed and then reboot and check module is installed.
  4. Now make sure you have installed certificate in user store which you want to install to system store. (Note: you may need to rename it from “burp.cer” to “burp.crt” for installing it in User credential store)
  5. It should look something like this Fig. below.
  6. Now just reboot your mobile phone.
  7. Again check the system store for PortSwigger certificate and violla! our certificate is installed in system store.
  8. To remove the certificate just remove it from User store and reboot.
  1. First we need to rename our certificate file to “<hash>.0” . For generating hash just run this command. Then rename “burp.cer” file to “9a5ba575.0”.
$ adb shell
$ su
# whoami
root
mkdir -m 700 /wherever/you/want
cp /system/etc/security/cacerts/* /wherever/you/want/
mount -t tmpfs tmpfs /system/etc/security/cacerts
mv /wherever/you/want/* /system/etc/security/cacerts/
mv /path/to/cert/hash.0 /system/etc/security/cacerts/ 
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
  1. Reboot to recovery (You need twrp to be installed, I have not tried on other ones).
  2. Mount /system partition in twrp.
  3. Connect usb to be able to use adb.
  4. Then transfer your hash.0 cert file to /system/etc/security/cacerts/ .
  5. At last just run these commands one by one:
    chown root:root /system/etc/security/cacerts/*
    chmod 644 /system/etc/security/cacerts/*
    chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
  6. Now your installed cert(hash.0) will remain even after reboot!.
  7. Please note location of installed certificate will be, I don’t know why but this was the location “/data/adb/modules/movecert/system/etc/security/cacerts/” (in my case atleast)
  1. convert certificate file to crt/pem format.
openssl x509 -in cacert.der -inform DER -out burp.crt
mv burp.crt /usr/local/share/ca-certificates/extra/
sudo update-ca-certificates
proxychains curl https://example.com:443

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
n00🔑

n00🔑

135 Followers

Tries to understand computers. I know little bit of most things. Definitely not an expert. Usually plays HTB (ID-23862). https://www.linkedin.com/in/pswalia2u/