Adding custom certificate to Android Trusted certificate store

Introduction

Android maintains a list of trusted certificates any deviance in the certificate would result in a error in connection. Below screenshot shows how the browser gives a popup when we set the Android device to forward the traffic to Burp Proxy instead of the actual server.


Once, the user clicks on “Continue”, the user can continue to use the application as per his requirement. However, in case of native applications there is no “popup” and the connection is directly rejected.
Solution: Add the proxy certificate to android trusted store.
How:
Step 1: Download the latest copy of bouncycastle lib from http://www.bouncycastle.org/latest_releases.htmlinto a folder called “lib”. During the making of this document, the latest version of the lib was v1.47.

Step 2: Extract a copy of the current certificate file ie. “cacerts.bks” from the android device using:
adb pull /system/etc/security/cacerts.bks




Step 3:Download a copy of the Charles Proxy certificate from the Charles website http://charlesproxy.com/charles.crt

Step 4: Add the BouncyCastle library to your machines existing Java. Once that is complete, use the below command to add Charles certificate to the certificate store downloaded from the device and sign it using the BouncyCastle library jar 
sudo keytool --keystore cacerts.bks --storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk15on-147.jar" --storepass "" --importcert --trustcacerts --alias newalias --file charles.crt


Step 5: Now, adb into the device and run the “mount” command to see where the “system” directory is mounted.
In our case, it was found to be mounted at “/dev/block/stl9”. Knowing this, remount the system directory in read/write mode so as to push the certificate store back on to the device. Then, run the command as “mount -o remount,rw -t yaffs2 /dev/block/stl9 /system” inside adb shell as root user.

Step 6: Then, change the permissions set on the certicate store to world writeable using “chmod 777 /system/etc/security/cacerts.bks” as root user and the push the new cacerts.bks into the device using “adb push cacerts.bks /system/etc/security/cacerts.bks

Step 7: Now, change the permissions back on the cacerts.bks file using “chmod 644 /system/etc/security/cacerts.bks” as root user.

Now, restart the device and after that you can see that all the traffic from the Android device can be intercepted on charles proxy without any issue.
Similar method can be applied to add Burp certificate on Android trusted certificate store.

References:

Komentar

Postingan populer dari blog ini

All India BSNL Nodal officer Contact Information..!!!

Video & Photo Gallery: Unboxing ORICO D10000 Scharge Polymer Power Bank

How to Automatically Shrink url of ADF.ly || Earn Money By ADF.ly