Some people ask me how they can “hijack” HTTPS API calls from an Android app. One of the best ways is to use PortSwiggers free Burp Suite, and hijack all traffic between your app and the server. One of the problems is, how do you add burp’s CA certificate to your android (emulator)? Burp’s help page simply says to look it up on google. Well, I hope this is one of the results showing up.
Note: This does not require any ADB pushes or so, and can be done in a few minutes. This was done under Ubuntu, using Android Emulator version 22.6.4. I’m uploading it into a Android 4.4.2 image running on a virtual Nexus 4.
Adding a CA certificate can be done in just a few steps, and will take a few minutes… read more