Android 12 Burp Certificate (Tested on Memu)
Android 12 Burp Certificate (Tested on Memu) - I’m using Android 12 and encountering an issue installing the Burp certificate. The system stores root CA certificates in the /system/etc/security/cacerts directory, which is read-only and prevents direct modification. I found another person facing the same issue here: Reddit - Unable to remount the system folder as RW .
For intercepting and analyzing traffic with Burp Suite, you need to add Burp’s CA certificate so that the device trusts the proxy. Here’s how to achieve that.
Prepare Cert File
Export your Burp Suite CA certificate in DER format (e.g., cacert.der).
Convert the Certificate to PEM and Generate Hash
Use the following commands:
# Convert DER to PEM
openssl x509 -inform DER -in cacert.der -out cacert.pem
# Generate old subject hash (used by Android)
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
# Rename the file to <hash>.0
mv cacert.pem <hash>.0
Bypass Read-Only with tmpfs
Since the cacerts directory is read-only, we can overlay it with tmpfs to allow writing. Below is a sample script:
#!/system/bin/sh
# Create temporary directory
mkdir -p -m 700 /data/local/tmp/htk-ca-copy
# Copy existing system certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Mount tmpfs over the system cert directory
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Restore the original certificates
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Add the new certificate
cp "$1" /system/etc/security/cacerts/
# Set proper permissions and SELinux context
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Clean up temporary directory
rm -r /data/local/tmp/htk-ca-copy
echo "System cert successfully injected"
Save this script as cert.sh and run it: sh cert.sh <hash>.0
Notes
For some reason, this certificate will disappear if the emulator is restarted.
But, if it works, don’t touch it.
hehe
Android 12 Burp Certificate (Tested on Memu) - I’m using Android 12 and encountering an issue installing the Burp certificate. The system stores root CA certificates in the /system/etc/security/cacerts directory, which is read-only and prevents direct modification. I found another person facing the same issue here: Reddit - Unable to remount the system folder as RW .
For intercepting and analyzing traffic with Burp Suite, you need to add Burp’s CA certificate so that the device trusts the proxy. Here’s how to achieve that.
Prepare Cert File
Export your Burp Suite CA certificate in DER format (e.g., cacert.der).
Convert the Certificate to PEM and Generate Hash
Use the following commands:
# Convert DER to PEM
openssl x509 -inform DER -in cacert.der -out cacert.pem
# Generate old subject hash (used by Android)
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
# Rename the file to <hash>.0
mv cacert.pem <hash>.0
Bypass Read-Only with tmpfs
Since the cacerts directory is read-only, we can overlay it with tmpfs to allow writing. Below is a sample script:
#!/system/bin/sh
# Create temporary directory
mkdir -p -m 700 /data/local/tmp/htk-ca-copy
# Copy existing system certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Mount tmpfs over the system cert directory
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Restore the original certificates
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Add the new certificate
cp "$1" /system/etc/security/cacerts/
# Set proper permissions and SELinux context
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Clean up temporary directory
rm -r /data/local/tmp/htk-ca-copy
echo "System cert successfully injected"
Save this script as cert.sh and run it: sh cert.sh <hash>.0
Notes
For some reason, this certificate will disappear if the emulator is restarted.
But, if it works, don’t touch it.
hehe