@b1naryxx
Last active August 26, 2020 16:41
Burp Suite with Android 7+
Note: This requires a rooted device
1. Create custom certificate with the following commands:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt
openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt
2. Import certificate.p12 into Burp using the import certificate option --> Certificate and private key from PKCS#12 keystore
3. On the Android device, download the certificate from http://burp, rename it to cacert.cer and install it
4. From the PC, connect to the device with ADB and run the following commands:
adb shell
su
mount -o rw,remount /system
# user-added certificates; if this path does not exist, look up the default location for your phone
cd /data/misc/user/0/cacerts-added
# if this is the only user certificate installed, there should be only one file here
mv <filename.0> /system/etc/security/cacerts/
chown root:root /system/etc/security/cacerts/<filename.0>
# check the owner/group (should be root)
ls -al /system/etc/security/cacerts/<filename.0>
mount -o ro,remount /system
reboot
5. Now it should work as intended. If SSL errors are still present, the app is likely using SSL pinning.
Note:
On recent versions of Android, user certificates seem to be installed in a different location and under a different name. In that case, rename the file to the name Android expects: a hash name followed by a ".0" extension. To get the hash, run the following command on the PC:
openssl x509 -inform PEM -subject_hash_old -in <certificate> | head -1
Then rename the file using the output and the ".0" extension.
For example, if the command returned "69241f1f", rename the cert to 69241f1f.0 and finally push it to /system/etc/security/cacerts or your system cert folder.
Useful sources
https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities
https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/
https://support.portswigger.net/customer/portal/questions/16711090-cert-validity-too-long
############################################
1. Create a certificate with the following commands:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pk.key -out certificate.crt
openssl pkcs12 -export -out certificate.p12 -inkey pk.key -certfile certificate.crt -in certificate.crt
2. In Burp, import the certificate with Proxy --> Options --> Import / Export Certificate --> Certificate and private key from PKCS#12 keystore
3. On Android, download the certificate from http://burp, rename it to .cer and install it
4. Using adb from the PC, run the following commands:
adb shell
su
mount -o rw,remount /system
# this should be the default path where user certificates are installed
cd /data/misc/user/0/cacerts-added
# only one file should exist; if there are several, multiple user certificates are installed and they must be removed from Config --> Security --> User Credentials
ls
mv <filename.0> /system/etc/security/cacerts/
chown root:root /system/etc/security/cacerts/<filename.0>
mount -o ro,remount /system
reboot
Note: if the mount command does not work, try mount -o remount,rw /system
5. The certificate should now appear under trusted credentials on the phone, and Burp should work for most applications; the only ones that do not work are those that use SSL pinning, such as WhatsApp and Facebook.