Setting Up an Android Testing VM

Mobile Penetration Testing

Installing the VM

  1. You’ll have to download the relevant android version .iso. I decided to use one which was already rooted, and had the Play Store installed. I found it here: https://www.xda-developers.com/android-x86-android-8-1-oreo/
  2. Before launching the VM, you’ll need to edit the .vmx configuration file (this file is located within the directory of your VM) to include the following line: ethernet0.VirtualDev = “vlance”

Notes:
Once the VM has been powered on this file cannot be edited, so ensure you untick “power on VM after installation”.
During the setup process you’ll be asked to configure the file system with read/write access. Ensure you select yes for this for later steps.

Configuring Android GUI

  1. Power on the Android VM, and select the boot option with “debug”. This will bring you into the debugging console, where you can edit the following file (remember you should’ve made the file system read/write for this): vi /mnt/grub/menu.lst
  2. Within the first section in the file, append the following entries onto the “kernel” line: vga=ask nomodeset xforcevega
  3. Save the file, and use the ‘reboot’ command to restart the device.
  4. On reboot, you can select the non-debug option and you’ll be asked which resolution to select for the GUI – just press space and it’ll be selected automatically.

Intercepting HTTP Traffic with Burp

Device Proxy Setup

Usually in Linux you can configure the system to use a HTTP proxy using the export command, however, this does not work for the Android image. Instead you’ll have to connect to the device remotely using ‘adb.exe’ and configure it through this.

This can be done by issuing the following commands from your testing laptop:

adb.exe/adb connect <ip>:5555 or <random_port>

Issue proxy command:

## (ensure the proxy is listening on the correct interface for the device to see it)
adb shell settings put global http_proxy <ip_of_burp>:<burp_proxy_port>

You should now see HTTP traffic through Burp (once you’ve installed the certificate – more on that to come).

Leave a Reply

Your email address will not be published. Required fields are marked *