In this guide, we'll be setting up a Corellium Android virtual device with the popular proxy tool, Burp Suite. We'll be using a Mac with Burp Suite Community Edition 2020 and a virtual Android 11 device.
Before you get started, make sure that you've downloaded the OpenVPN file for your virtual device and that you're connected to the VPN using that profile. If you haven't already, follow the Corellium VPN article.
- Navigate to the "Proxy" tab in Burp, and then select "Options." Click on the current interface, and click Edit.
- In the popup that appears, select the option for "All Interfaces." Then, click OK. Here, take note of the port number (8080) as well as the VPN IP address (10.11.3.2). We'll need these later when we configure the APN settings on the virtual machine. If you want to check that the IP address is accurate, you can run ifconfig in Terminal to validate it.
- Then, select Yes for "Listen on all interfaces."
- Then, Allow on "Accept all incoming network connections."
- On the same Proxy -> Options screen, click Import / export CA certificate.
- Select the option for "Certificate in DER format". Then, click Next.
Name the certificate "BurpCA.cer" and save it to your Desktop.
Then, switch over to your Corellium virtual device screen and go to the Files tab. Then, navigate to the mnt -> sdcard -> Download folder, and click UPLOAD. Upload BurpCA.cer.
- Swipe up on the virtual device's screen, then select the Settings app
- In Settings, go to Security -> Encryption and credentials -> Install a certificate -> CA certificate. Then, click Install Anyway.
- Here, click the top-left menu icon, and select Downloads. Then, select the certificate.
- Navigate back to the Settings app home page and select Network and internet -> Mobile Network -> Advanced -> Access Point Names. Then, click the network.
- Here, enter the IP address and port from Step 2 of Configure Burp in the Proxy and Port fields, respectively. Click the menu icon in the top right, then click Save.
If you have set up your proxy and are not able to see traffic, try closing and restarting your VPN session. Ensure that you are able to ping the IP address from the virtual device console.
Remember, you may not be able to reach HTTPS websites without proper trust certificates installed.
If the issue still persists, contact your network administrator to determine if any local network configurations may be blocking or interfering with the virtual device network.
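Two host-side causes of missing traffic can be ruled out from Terminal first: a Burp listener still bound to loopback only, and a CA file that was not exported in DER format. The script below is an added example, not part of the original guide; it assumes the guide's port 8080 and the file ~/Desktop/BurpCA.cer, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumes the guide's values:
# proxy port 8080 and the CA file exported to ~/Desktop/BurpCA.cer.

# listener_scope PORT: reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and
# prints how PORT is bound: all | specific | loopback | none.
listener_scope() {
  awk -v port="$1" '
    $NF == "(LISTEN)" {
      addr = $(NF - 1)                      # e.g. *:8080 or 127.0.0.1:8080
      n = split(addr, parts, ":")
      if (parts[n] != port) next
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      if (host == "*") any = 1
      else if (host == "127.0.0.1" || host == "[::1]") lo = 1
      else other = 1
    }
    END {
      if (any) print "all"
      else if (other) print "specific"
      else if (lo) print "loopback"
      else print "none"
    }'
}

# cert_encoding FILE: prints der | pem | unknown from the first bytes of FILE.
# A DER certificate starts with an ASN.1 SEQUENCE tag (0x30); PEM is text.
cert_encoding() {
  if head -c 11 "$1" | grep -q -- '-----BEGIN'; then
    echo pem
  elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
    echo der
  else
    echo unknown
  fi
}

# preflight: run both checks against the live system.
preflight() {
  scope=$(lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null | listener_scope 8080)
  echo "Burp listener on 8080: $scope (loopback means the device cannot connect)"
  echo "BurpCA.cer encoding: $(cert_encoding "$HOME/Desktop/BurpCA.cer")"
}

# Only touch the live system when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then preflight; fi
```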
To validate Burp is intercepting traffic, do a quick web search in the virtual device's Webview. You will see the request in Burp, and then as you forward the request, you will see the device respond.
That's all there is to it! Thank you for taking the time to read this, and happy virtualizing!