M 120: Burp and Android 8 (10 pts extra)

What You Need for This Project

Exporting the PortSwigger CA Certificate from Burp

This is HTTPS working as it should, warning you that you do not have a secure connection to the end site. Burp is intercepting the traffic.

We want to add PortSwigger as a trusted certificate authority to get rid of these messages.

In Burp, click the Proxy tab.

Click the Options sub-tab.

Click the "Import / export CA certificate..." button.

In the "CA Certificate" box, in the Export section, click the "Certificate in DER format" button, as shown below.

Click Next.

On the next page, click the "Select file..." button. Navigate to a folder you can find, such as your Desktop.

Give the file a name of portswigger.der

Click Save.

Click Next. Click Close.

Converting the File in Kali

Drag the file onto the desktop of your Kali machine.

On Kali, in a terminal, execute these commands, replacing the hash value in the last command (9a5ba575 here) with the hash printed by the third command:

cd ~/Desktop
openssl x509 -inform DER -in portswigger.der -out portswigger.pem
openssl x509 -inform PEM -subject_hash_old -in portswigger.pem | head -1
mv portswigger.pem 9a5ba575.0
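
The conversion and renaming steps above as one script, with a check that a file's name matches the hash of the certificate inside it. This is an added example, not part of the original lab; the function names and the throwaway "Constructed Test CA" certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the <subject_hash_old>.0 file from a DER certificate.
set -eu

# Print the legacy subject hash of a certificate.
# $1 = certificate file, $2 = encoding (DER or PEM)
subject_hash_old() {
    openssl x509 -inform "$2" -in "$1" -noout -subject_hash_old
}

# Convert DER file $1 to a PEM file named <hash>.0 in directory $2.
# Prints the new filename.
der_to_android_ca() (
    hash="$(subject_hash_old "$1" DER)" || exit 1
    openssl x509 -inform DER -in "$1" -out "$2/$hash.0" || exit 1
    echo "$hash.0"
)

# Succeed only if the name of PEM file $1 is <hash of its certificate>.0
verify_android_ca() (
    hash="$(subject_hash_old "$1" PEM)" || exit 1
    [ "$(basename "$1")" = "$hash.0" ]
)

# Constructed sample input: a throwaway self-signed certificate in DER form,
# standing in for portswigger.der so the script can be tried offline.
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/sample.key" -outform DER -out "$1/sample.der" 2>/dev/null
}

# Usage: sh <this script> portswigger.der [output-directory]
if [ "$#" -ge 1 ]; then
    outdir="${2:-.}"
    name="$(der_to_android_ca "$1" "$outdir")"
    verify_android_ca "$outdir/$name"
    echo "ready to push: $outdir/$name"
fi
```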

Installing the File on the Android Device

Connect to your Android device with adb from Kali.

Then execute these commands, replacing the hash value in the commands with the correct hash value for your certificate.

adb root
adb remount
adb push 9a5ba575.0 /sdcard/
adb shell mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
adb reboot

Viewing Trusted Credentials

On your Android device, open Settings, tap "Security & Location", tap "Encryption & Credentials", and tap "Trusted credentials".

PortSwigger is on the list, as shown below.

M 120.1: CA Name (10 pts)

Find the text covered by a green box in the image above. That's the flag.

Posted 2-10-21