search

whyakari / HttpCanary-Magisk-and-KSU

An Http Canary module now working on Android versions 11+ through Android 13.
GNU General Public License v2.0
43 stars 3 forks source link

install burp suite cert as root on kernelSU #3

Closed kyzsuukii closed 1 year ago

kyzsuukii commented 1 year ago

thanks to bring a solution to install http canary for A14 but can you also make a kernelSU modules for move/install burp suite cert as root

1700064189361.jpg

whyakari commented 1 year ago

hi ~ could you explain better?

kyzsuukii commented 1 year ago

hi ~ could you explain better?

just kernelSU modules to move cert of burp suite to /system/../cert like what u do it in http canary

i have issue with A14 i cant remount system as r/w to move the cert to root

whyakari commented 1 year ago

hi ~ could you explain better?

just kernelSU modules to move cert of burp suite to /system/../cert like what u do it in http canary

i have issue with A14 i cant remount system as r/w to move the cert to root

generating certificate

android 12+ does not accept the default burp certificate, you have to generate a unique certificate. Then import this into burp and use the commands to make it compatible with Android.

mkdir cert && cd cert
openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca #generate ca
openssl rsa -in server.key -inform pem -out server.key.der -outform der #convert
openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt #convert to pkcs8

openssl x509 -inform der -in ca.der -out ca.pem
cp ca.pem `openssl x509 -inform pem -subject_hash_old -in ca.pem | head -1`.0 #create a filename with the hash

pushing & installing certificate

adb root
adb remount
adb push [ca_file].0 /sdcard

adb shell
cp /sdcard/[ca_file].0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/[ca_file].0

sources

android 12 /system/etc/security/cacerts is readonly. This can solve it:

Create a separate temp directory, to hold the current certificates

Without this, when we add the mount we can't read the current certs anymore.

mkdir -p -m 700 /data/local/tmp/htk-ca-copy

Copy out the existing certificates

cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/

Create the in-memory mount on top of the system certs folder

mount -t tmpfs tmpfs /system/etc/security/cacerts

Copy the existing certs back into the tmpfs mount, so we keep trusting them

mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/

Copy our new cert in, so we trust that too

mv {certificatePath} /system/etc/security/cacerts/

Update the perms & selinux context labels, so everything is as readable as before

chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*

Delete the temp cert directory & this script itself

rm -r /data/local/tmp/htk-ca-copy
rm {injectionScriptPath}
echo "System cert successfully injected"