1. Introduction
This blog aims to provide a simple method for setting up an Android pentest lab on M1 or M2. Despite encountering various writeups with different emulators, this guide focuses solely on an Android development kit-based lab.
A rooted environment is necessary to conduct security research in the Android lab. When setting up the emulator, use a system image without the Google Play Store, because Google does not support running production builds in a rooted environment. However, there may be exceptions.
2. Creating an Android Virtual Device
3. Running and Managing AVDs
Path of the Android Emulator Binary
cd /Users/<user>/Library/Android/sdk/emulator
List the available AVDs
./emulator -list-avds
Run the Android Emulator
./emulator -avd <DeviceName>
./emulator -avd AVD
Run with Proxy
./emulator -avd <DeviceName> -writable-system -http-proxy <ProxyIP>:<ProxyPort>
./emulator -avd AVD -writable-system -http-proxy 192.168.100.245:8080
Run with ADB logs
./emulator -avd AVD -writable-system -http-proxy 192.168.0.104:8080 -logcat '*'
4. Configuring with a Proxy
- To begin, open the Burp Suite Proxy tool.
- Please enable the listener on the correct IP address and port. Also, ensure that the proxy IP specified in the emulator command matches the IP and port enabled in Burp Suite.
- From the mobile client, browse to the proxy IP and port, or to http://burp, and download the certificate.
- Install the certificate on the device.
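A pre-flight check for the mismatch described above, as an added example that is not part of the original post: it validates the proxy endpoint, confirms something is listening there, and only then prints the launch command from section 3. The function names and the use of `nc` for the probe are assumptions. A Burp listener bound only to 127.0.0.1 will fail the probe when a LAN IP is passed.

```sh
#!/bin/sh
# Added example. Assumptions: `nc` is installed; the function names are illustrative.

# valid_endpoint IP:PORT -> 0 only for a dotted-quad IPv4 address and port 1-65535
valid_endpoint() {
    ip=${1%:*}; port=${1##*:}
    [ "$ip" != "$1" ] || return 1                     # no colon at all
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs     # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emulator_cmd AVD IP:PORT -> prints the launch line from section 3
emulator_cmd() {
    case $1 in ''|*[!A-Za-z0-9._-]*) echo "bad AVD name: $1" >&2; return 1 ;; esac
    valid_endpoint "$2" || { echo "bad proxy endpoint: $2" >&2; return 1; }
    printf './emulator -avd %s -writable-system -http-proxy %s\n' "$1" "$2"
}

# listener_up IP:PORT -> 0 if a TCP listener (the Burp proxy) accepts connections
listener_up() {
    nc -z -w 2 "${1%:*}" "${1##*:}" >/dev/null 2>&1
}

# preflight AVD IP:PORT -> prints the command only if the listener is reachable
preflight() {
    cmd=$(emulator_cmd "$1" "$2") || return 1
    listener_up "$2" || { echo "nothing listening on $2; check the Burp listener" >&2; return 2; }
    echo "$cmd"
}

# Usage: sh preflight.sh AVD 192.168.100.245:8080
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```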
Updated
Here's an interesting fact: Some people may have read my blog, but I forgot to mention an important point. Simply building a lab won't suffice.
The lab is now set up, but requests still need to be redirected to the proxy. Do this with adb reverse, which forwards TCP port 8080 on the device to port 8080 on the host.
Set Reverse Proxy
adb reverse tcp:8080 tcp:8080
Disable Proxy
adb reverse --remove-all
Please let me know if there are any questions or corrections since I wrote this blog quickly…