Genymotion - Proxying Android App Traffic Through Burp Suite

Genymotion - Proxying Android App Traffic Through Burp Suite | Cameron Cartier

Рет қаралды 12,680

Күн бұрын

Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Mobile App Testing is a category showing no signs of slowing down. is In this video, BHIS tester Cameron Cartier walks us through linking Genymotion to Burp Suite for traffic monitoring. Included below are the commands referenced in the video.
Commands (link to BHIS blog)
www.blackhillsinfosec.com/gen...
Chapters
00:00 - Genymotion - Proxying Android App Traffic Through Burp Suite
00:14 - Create Virtual Device
01:09 - Install Google Play Store Apps
01:32 - Setup Burp Proxy
02:44 - Create Device Certificate
03:30 - Configure Proxy on Virtual Device
05:07 - Testing the Proxy connection
05:23 - Installing the Burp Certificate on the Virtual Android Device
09:14 - ProTip- Reverse traffic order - newest requests on top
09:56 - Install Google Play Services on Device
10:55 - Disclaimer about testing responsibly
11:34 - Certificate Pinning
12:47 - Recap!
Music by nobandwidth
www.nobandwidth.io
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest KZbin: / wildwesthackinfest
Active Countermeasures KZbin: / activecountermeasures
Antisyphon Training KZbin: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/

Пікірлер: 31

@pamazgostv 12 күн бұрын

fkn banged my head trying to setup the proxy inside the emulator's settings. It worked super easy via adb. TY so much!

@user-ph2nm9oi6z 6 ай бұрын

Thank you so much. im trying three days for intercepting android data with android studio emulator and today i have done it with your video.

@manjilneupane7972 Жыл бұрын

And it is the actual video i was looking for... Thankyou so much

@TheRich464 Жыл бұрын

Thanks for the walkthrough 🎉

@nelly4921 7 ай бұрын

Thank you for the amazing walk through

@gand0rfTRZ Жыл бұрын

This is really interesting. I will have to give it a try.

@benjaminmunoz9136 4 ай бұрын

Great video, thanks!

@zeux1024 11 ай бұрын

It's very useful video for me. Thanks :)

@kiroolos Ай бұрын

Thank you so much

@archersterling4044 8 ай бұрын

Awesome, just perfect.

@imanolmarin7766 7 ай бұрын

Thank you very much!

@iam_epa 15 күн бұрын

finalyyyyy thanks alot

@itsm3dud39 10 ай бұрын

thanks mam now it works

@RainbowDjinn 22 күн бұрын

Thanksss so much!! Helped me a lot cause default way of configuring proxy inside android wasan´t working.

@chrstanarmas8898 5 ай бұрын

cool video

@idanlevi17 Жыл бұрын

can you explain why you used adb instead of the mobile "settings"?

@azkymuhtarom Жыл бұрын

i using qemu from android studio.. after adb shell settings put global http_proxy localhost:3333 and adb reverse tcp:3333 tcp:8090... burp show my api but my internet in emulator broken... any ide for my situation ?

@jruiz1951 9 ай бұрын

Hi very informative video, can it be possible to make a video on how to bypass an app that blocks the vpn proxy & thanks

@wardellcastles 9 ай бұрын

Great vid. Why do you set your proxy to port 3333 then a reverse to 8082? Why not set proxy to 8082 and not set any reverse?

@BlackHillsInformationSecurity 9 ай бұрын

In theory this should work, however I have found emulators to be rather finicky. There are certain situations in which the reverse proxy is necessary, such as described here: www.genymotion.com/blog/access-internal-web-services-android-devices-running-cloud-using-adb-reverse/. We demonstrate this method because it seems to be the most universal and reliable. - Cameron

@xaferima 4 ай бұрын

Thanks! if someone has this error "mount: '/system/' not in /proc/mounts" Just mount directly the root(/): mount -o rw,remount /

@umair_villanio 2 ай бұрын

Thanks a lot bruv!!

@peterkim9696 6 ай бұрын

How can we bypass ssl pinning cause I want to pentest Instagram

@JXDMDEV 6 ай бұрын

"Could you make a tutorial addressing only this issue and how to solve it?? Please."

@alimustafa2682 8 ай бұрын

I love you

@mahmudaminu3179 4 ай бұрын

I lost my internet access on AVD immediately after I rebooted it, and I'm unable to fix it, Do you have any suggestions pls?

@benjaminmunoz9136 4 ай бұрын

Yes, you must restart the adb proxy with this command: adb reverse tcp:3333 tcp:8082

@JXDMDEV 6 ай бұрын

"Do you need a cloud plan to access network traffic from Genymotion emulators?"

@Roger11719 Жыл бұрын

booting up by nobandwidth

@BlackHillsInformationSecurity Жыл бұрын

It seemed like an apt track to utilize for this video. : )

@liquidtea9347 Жыл бұрын

I stumbled upon this video because I'm trying to play mobile games like Pokemon Go on my Steam Deck. And yes, I know Pokemon Go will not work on the Steam Deck because the Steam Deck does not have a GPS. I'll be happy spoofing as the dirty cheater I am. Also games like Sky: Children of the Light on my Steam Deck through Genymotion. I have Genymotion downloaded with the Amazon Fire HD 8 (for it and the Steam Deck has the same screen resolution) and working on my Steam Deck but Pokemon Go and Sky are not found in the Google Play Store and/or not compatible with the device. I'm assuming it's because the Google Play Store and others like Aptoid know it's an emulator as I've tried everything on a Google Pixel emulation like shown in this video. I'm not well versed in the ways of magic you all call "computer science" but am I onto something here? Is this video the answer to my problems? can someone with better skills test it for me? I got to the point where I needed the adb program, which I assumed was the Android Debug Bridge from a Google search. I followed the gide for it on Android.Developer.com and it lead me to download the SDK Platformtools where I skipped using the SDK Manager and downloaded the tools themselves instead. After extracting and executing everything from that zip file, I realized this may have been a wrong turn and I am way in over my head. That expression makes no sense now that I typed it but you get what I mean. All of this was done on Linux, on a Steam Deck. Please help me. Thanks!