Configuring Android Studio emulator to Work With Burp Suite

This is a short blog where you will learn about how you intercept HTTP or HTTPS traffic Android Studio AVD to BurpSuite. The reason for writing this blog is because I I myself spent hours to figure out how to intercept traffic in BurpSuite from android studio AVD.

I assume that android studio and BurpSuite are properly installed inside your system and are working properly. Lets start by configuring BurpSuite to intercept traffic from Android Studio ADV

Steps:

  1. Open BurpSuite
  2. Go to Options under Proxy tab
  3. Click Add in order to add new Proxy Listeners
  4. Now enter your desired port which is available, in my case I am using 8085.
  5. Choose radio button having option All interfaces and click OK
  6. Make sure that under Proxy Listeners, *.8085 interface is checked
  7. BurpSuite is configured

Lets configure Android Studio

  1. Open android studio and create an emulator using AVD manager available under Tools in android studio.
  2. In my case I am creating Pixel 27 Android 8.1.
  3. Choose Release name based on your requirement.
  4. Incase you get this error /dev/kvm device: permission denied, then you need to give root permission to /dev/kvm
  5. Use command sudo chmod 777 -R /dev/kvm to assign permissions

  6. Make sure you don’t forget to give AVD Name, I have named it as target_machine.

  7. Check you system network interface wlan IP using ifconfig. In my case it is 192.168.0.108
  8. Navigate to directory where you installed Android Studio and its components if any
  9. By default it is in users home directory, use below command to go there
  10. cd ~/Android/Sdk/emulator
  11. Now once you are in the emulator directory, run command ./emulator -http-proxy http://192.168.0.108:8085 -avd target_machine
  12. Follow steps as mentioned in below image
  13. Configure the manual proxy configuration

Lets see whether Burp intercept traffic from android studio AVD or not.

Open BurpSuite and turn on intercept. Access any site in phone browser. As shown in below image we are successfully able to capture traffic in BurpSuite

But when we forward the request in BurpSuite, browser shows the connection is not secure because it requires Burp CA certificate.