Skip to main content

Burp Suite

In this guide, we'll be setting up a Corellium Android virtual device with the popular proxy tool, Burp Suite. We'll be using a Mac with Burp Suite Community Edition 2020 and a virtual Android 11 device.

Before you get started, quickly make sure that you've downloaded the Open VPN file for your virtual device and that you're connected to VPN using that profile. If you haven't already, follow the Corellium VPN article.

Configure Burp

  1. Navigate to the "Proxy" tab in Burp, and then select "Options.". Click on the current interface, and click Edit.

Burp proxy tab

  1. In the popup that appears, select the option for "All Interfaces.". Then, click OK - here, take note of the port number (8080) as well as the VPN IP Address (10.11.3.2). We'll need these later when we configure the APN settings on the Virtual Machine. If you want to check that the IP Address is accurate, you can quickly run ifconfig in Terminal to validate it.

edit proxy listerner

  1. Then, select Yes for "Listen on all interfaces,"

listen for all

  1. Then, Allow on "Accept all incoming network connections."

confirmation dialog

CA Certificates

  1. On the same Proxy -> Options screen, click Import / export CA certificate.

click import/export cert

  1. Select the option for "Certificate in DER format". Then, click Next.

der certificate format

  1. Name the certificate "BurpCA.cer" and save it to your Desktop.

  2. Then, switch over to your Corellium virtual device screen and go to the Files tab. Then, navigate to mnt -> sdcard -> Download folder, and click UPLOAD. Upload the BurpCa.cer.

files path

  1. Swipe up on the virtual device's screen, then select the Settings app

swipe up

  1. In Settings, go to Security -> Encryption and credentials -> Install a certificate -> CA certificate. Then, click Install Anyway.

click install anyway

  1. Here, click the top-left menu icon, and select Downloads. Then, select the certificate.

Configure APN

  1. Navigate back to the Settings app home page and select Network and internet -> Mobile Network -> Advanced -> Access Point Names. Then, click the network.

settings app page

  1. Here, enter the IP Address and port from Step 2 of Configure Burp in the Proxy field and port fields respectively, click the menu icon in the top right, then click Save.

enter port and proxy

Troubleshooting

If you have set up your proxy and are not able to see traffic, try closing and restarting your VPN session. Ensure that you are able to ping the IP address from the virtual device console.

Remember, you may not be able to reach HTTPS websites without proper trust certificates installed.

If the issue still persists, contact your network administrator to determine if any local network configurations may be blocking or interfering with the virtual device network.

Validate

To validate Burp is intercepting traffic, do a quick web search in the virtual device's Webview. You will see the request in Burp, and then as you forward the request, you will see the device respond.

That's all there is to it! Thank you for taking the time to read this, and happy virtualizing!