First, export the Burp CA certificate: Proxy > Options > Import/Export CA certificate > DER format, or download it from http://burp
- Put the certificate on the Android device, open it with a file manager, and install it for "VPN and apps" (you may need to rename the extension from 'der' to 'cer').
- Since Android 7 (Nougat), apps that target API level 24 and above no longer trust user- or admin-added CAs for secure connections by default. [1]
- Convert DER to PEM, rename the file, and put it in the correct directory: [2]
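```bash
# On the host: convert Burp's DER export to PEM and name it <subject_hash_old>.0
CERT="cacert.der" &&
openssl x509 -inform DER -in "$CERT" -out ca.pem &&
name=$(openssl x509 -inform PEM -subject_hash_old -noout -in ca.pem) &&
mv ca.pem "$name".0 &&
# Append the human-readable text and fingerprint after the PEM block
openssl x509 -inform PEM -text -noout -in "$name".0 >> "$name".0 &&
openssl x509 -inform PEM -fingerprint -noout -in "$name".0 >> "$name".0

# Copy the file to the device and try to get a writable system partition
adb push "$name".0 /data/local/tmp
adb root 2>/dev/null && adb remount 2>/dev/null
adb wait-for-device
adb shell

# Inside the device shell (needs root): move the file into the system CA store and reboot
su -c '
mount -o remount,rw /system 2>/dev/null ;
mount -o remount,rw / 2>/dev/null ;
DEST=/system/etc/security/cacerts &&
mv /data/local/tmp/*.0 $DEST &&
chown root:root $DEST/* &&
chmod 644 $DEST/* &&
reboot
'
```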
These instructions may not work on Android 10+. For more up-to-date instructions, check: https://github.com/morkin1792/security-tests/blob/main/mobile/android_0.md#setting-ca-certificate
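
Where the `"$name".0` file name in the rename step comes from, as an added example that is not part of the original notes: `-subject_hash_old` is the first four bytes of the MD5 of the DER-encoded subject name, read as a little-endian integer, and this sketch recomputes it so a pushed file name can be checked without OpenSSL. The function names and the constructed certificate skeleton (not a real signed certificate) are assumptions for illustration.

```python
import base64
import hashlib
import re

def to_der(data: bytes) -> bytes:
    """Accept a certificate as DER (Burp's export format) or PEM."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    start, length = pos + 2, first
    if first & 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        start = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def subject_der(cert: bytes) -> bytes:
    """Return the DER encoding (header included) of the subject Name."""
    _, pos, _ = read_tlv(cert, 0)         # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)       # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                       # optional [0] version field
        pos = end
    for _field in range(4):               # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def cacerts_filename(cert_bytes: bytes) -> str:
    """File name matching `openssl x509 -subject_hash_old` plus the '.0' suffix."""
    digest = hashlib.md5(subject_der(to_der(cert_bytes))).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

# Constructed sample input: a minimal certificate-shaped DER skeleton.
def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128 bytes)
def name(cn: str) -> bytes:
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))
def sample_cert(issuer: bytes, subject: bytes) -> bytes:
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + issuer + tlv(0x30, b"") + subject
    return tlv(0x30, tlv(0x30, tbs))
```

Calling `cacerts_filename(open("cacert.der", "rb").read())` on the exported file should give the same name the shell commands produce.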