Che4ter · August 31, 2019 16:47
diff --git a/Custom Cert on > Android 7 inkl. burp config b/Custom Cert on > Android 7 inkl. burp config
 # Keep it clean
 > mkdir certificates && cd certificates

 # Borrow the default openssl.cnf (location may differ, see note)
 > cp /etc/pki/tls/openssl.cnf ./


 # Create a private key. 
 # It's important to have the v3_ca extension and to supply the openssl.cnf file
 > openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca -config openssl.cnf
 Generating a 2048 bit RSA private key
 ....+++
 .............................+++
 writing new private key to 'server.key'
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:BE
 State or Province Name (full name) [Some-State]:NVISO CA
 Locality Name (eg, city) []:NVISO CA
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:NVISO CA
 Organizational Unit Name (eg, section) []:NVISO CA
 Common Name (e.g. server FQDN or YOUR name) []:NVISO CA
 Email Address []:NVISO CA

 # Convert to der format
 > openssl rsa -in server.key -inform pem -out server.key.der -outform der
 writing RSA key

 # Convert key to pkcs8 format
 > openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt

 Convert the public key
 openssl x509 -inform der -in ca.der -out ca.pem
 openssl x509 -inform PEM -subject_hash_old -in ca.pem | head -1
 cp ca.pem a58355c2.0
 openssl x509 -inform PEM -text -in ca.pem -out /dev/null>> a58355c2.0
 Copy the cert to the phone
 adb push a58355c2.0 /data/local/tmp
 adb shell
 In the adb shell

 su
 mount -o rw,remount /system
 mv /data/local/tmp/a58355c2.0 /system/etc/security/cacerts/
 chown root:root /system/etc/security/cacerts/a58355c2.0
 chmod 644 /system/etc/security/cacerts/a58355c2.0
 reboot

 #Import the cert into BurpSuite
 Go to the proxy settings page and choose “Import / Export CA Certificate” -> “Import” -> “Certificate and priate key in DER format”

 https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/
 https://awakened1712.github.io/hacking/hacking-install-ca-android/
	# Keep it clean
	> mkdir certificates && cd certificates

	# Borrow the default openssl.cnf (location may differ, see note)
	> cp /etc/pki/tls/openssl.cnf ./


	# Create a private key.
	# It's important to have the v3_ca extension and to supply the openssl.cnf file
	> openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca -config openssl.cnf
	Generating a 2048 bit RSA private key
	....+++
	.............................+++
	writing new private key to 'server.key'
	-----
	You are about to be asked to enter information that will be incorporated
	into your certificate request.
	What you are about to enter is what is called a Distinguished Name or a DN.
	There are quite a few fields but you can leave some blank
	For some fields there will be a default value,
	If you enter '.', the field will be left blank.
	-----
	Country Name (2 letter code) [AU]:BE
	State or Province Name (full name) [Some-State]:NVISO CA
	Locality Name (eg, city) []:NVISO CA
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:NVISO CA
	Organizational Unit Name (eg, section) []:NVISO CA
	Common Name (e.g. server FQDN or YOUR name) []:NVISO CA
	Email Address []:NVISO CA

	# Convert to der format
	> openssl rsa -in server.key -inform pem -out server.key.der -outform der
	writing RSA key

	# Convert key to pkcs8 format
	> openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt

	Convert the public key
	openssl x509 -inform der -in ca.der -out ca.pem
	openssl x509 -inform PEM -subject_hash_old -in ca.pem \| head -1
	cp ca.pem a58355c2.0
	openssl x509 -inform PEM -text -in ca.pem -out /dev/null>> a58355c2.0
	Copy the cert to the phone
	adb push a58355c2.0 /data/local/tmp
	adb shell
	In the adb shell

	su
	mount -o rw,remount /system
	mv /data/local/tmp/a58355c2.0 /system/etc/security/cacerts/
	chown root:root /system/etc/security/cacerts/a58355c2.0
	chmod 644 /system/etc/security/cacerts/a58355c2.0
	reboot

	#Import the cert into BurpSuite
	Go to the proxy settings page and choose “Import / Export CA Certificate” -> “Import” -> “Certificate and priate key in DER format”

	https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/
	https://awakened1712.github.io/hacking/hacking-install-ca-android/