https://amish.patadiya.in/post/PostsSource Themes Academic (https://sourcethemes.com/academic/)en-usAmish Patadiya © 2022https://amish.patadiya.in/img/avatarhttps://amish.patadiya.in/post/https://amish.patadiya.in/post/intercept_traffic_android_studio_emulator/Mon, 15 Jan 2024 17:15:02 +0530https://amish.patadiya.in/post/intercept_traffic_android_studio_emulator/<div style="font-size: 16px;"> <p>In this blog, I and <a href="https://twitter.com/devsecboy" target="_blank" rel="noopener">Sanjay</a> have explained how we can capture any application network traffic in Android Studio Emulator.<br/></p> <p>To begin, export the Burp certificate in the &lsquo;DER&rsquo; format and save it to the base system, as illustrated in the following figure:</p> <div> <img src="resources/1.png" style="border:1px solid black;"> </div> <p>Next, utilizing OpenSSL, convert the DER file to a PEM file. Afterward, rename the PEM file with the certificate hash and proceed to push the certificate to the emulator&rsquo;s &lsquo;/sdcard&rsquo; folder, as depicted in the figure below:</p> <pre><code>openssl x509 -inform DER -in burpcert.der -out burpcert.pem openssl x509 -inform PEM -subject_hash_old -in burpcert.pem | head -1 mv burpcert.pem 9a5ba575.0 adb push 9a5ba575.0 /sdcard </code></pre> <div> <img src="resources/2.png" style="border:1px solid black;"> </div> <p>Please note that this step is optional. However, if you wish to run &lsquo;emulator.exe&rsquo; from the command line irrespective of the current path, you&rsquo;ll need to configure the following environment variables:</p> <div> <img src="resources/3.png" style="border:1px solid black;"> </div> <p>To modify the certificate in the system folder, it&rsquo;s necessary to open the emulator in writable mode. This can be achieved by executing the following commands:</p> <pre><code>emulator.exe -list-avds emulator.exe -writeable-system -avd &quot;OUTPUT_OF_ABOVE_COMMAND&quot; </code></pre> <div> <img src="resources/4.png" style="border:1px solid black;"> </div> <p>To incorporate the Burp certificate, it&rsquo;s essential to copy it to both the Android security &lsquo;cacerts&rsquo; and Google &lsquo;cacerts&rsquo; folders. This can be accomplished by executing the following command, as illustrated below:</p> <pre><code>adb shell su cd /sdcard </code></pre> <pre><code>mkdir -m 700 mycerts cp 9a5ba575.0 mycerts/ cp /system/etc/security/cacerts/* mycerts/ mount -t tmpfs tmpfs /system/etc/security/cacerts cp mycerts/* /system/etc/security/cacerts/ chown root:root /system/etc/security/cacerts/* chmod 644 /system/etc/security/cacerts/* chcon u:object_r:system_file:s0 /system/etc/security/cacerts/* </code></pre> <pre><code>mkdir -m 700 mycerts_google cp 9a5ba575.0 mycerts_google/ cp /system/etc/security/cacerts_google/* mycerts_google/ mount -t tmpfs tmpfs /system/etc/security/cacerts_google cp mycerts_google/* /system/etc/security/cacerts_google/ chown root:root /system/etc/security/cacerts_google/* chmod 644 /system/etc/security/cacerts_google/* chcon u:object_r:system_file:s0 /system/etc/security/cacerts_google/* </code></pre> <div> <img src="resources/5.png" style="border:1px solid black;"> </div> <p>Launch any application from the emulator, and as depicted below, you&rsquo;ll observe that we successfully intercepted the traffic.</p> <div> <img src="resources/6.png" style="border:1px solid black;"> </div> <p>After restarting the emulator, it&rsquo;s necessary to rerun the following command to resume intercepting the traffic.</p> <pre><code>adb shell su cd /sdcard </code></pre> <pre><code>mount -t tmpfs tmpfs /system/etc/security/cacerts cp mycerts/* /system/etc/security/cacerts/ chown root:root /system/etc/security/cacerts/* chmod 644 /system/etc/security/cacerts/* chcon u:object_r:system_file:s0 /system/etc/security/cacerts/* </code></pre> <pre><code>mount -t tmpfs tmpfs /system/etc/security/cacerts_google cp mycerts_google/* /system/etc/security/cacerts_google/ chown root:root /system/etc/security/cacerts_google/* chmod 644 /system/etc/security/cacerts_google/* chcon u:object_r:system_file:s0 /system/etc/security/cacerts_google/* </code></pre> <div> <img src="resources/7.png" style="border:1px solid black;"> </div></div> <p><strong>References:</strong></p> <ul> <li><a href="https://developer.android.com/studio/run/emulator-commandline">https://developer.android.com/studio/run/emulator-commandline</a></li> </ul> </div>https://amish.patadiya.in/post/ipv6/Sun, 16 Sep 2018 17:15:02 +0530https://amish.patadiya.in/post/ipv6/<iframe src="//www.slideshare.net/slideshow/embed_code/key/dcdLIjmUL5gDZk" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/AmishPatadiya1/ipv6-for-pentester" title="IPv6 for Pentester" target="_blank">IPv6 for Pentester</a> </strong> from <strong><a href="https://www.slideshare.net/AmishPatadiya1" target="_blank">Amish Patadiya</a></strong> </div>https://amish.patadiya.in/post/second-order-sqli-injection/Fri, 09 Feb 2018 17:15:02 +0530https://amish.patadiya.in/post/second-order-sqli-injection/<h2 id="httpswwwnotsosecurecomanalyzing-cve-2018-6376httpswwwnotsosecurecomanalyzing-cve-2018-6376"> <a href="https://www.notsosecure.com/analyzing-cve-2018-6376/" target="_blank" rel="noopener">https://www.notsosecure.com/analyzing-cve-2018-6376/</a> </h2>