We're hiring! Join us and help create the future of ARM virtualization.

Getting Started with Corellium and Burp

DemoJanuary 2021

In this video, we demonstrate how to set up a Corellium Android virtual device with the popular proxy tool, Burp Suite. For this tutorial, we'll be using a Mac with Burp Suite Community Edition 2020 and a virtual Android 11 device.

Before you get started, quickly make sure that you've downloaded the Open VPN file for your virtual device and that you're connected to VPN using that profile.

1. Configure Burp

Navigate to the "Proxy" tab in Burp, and then select "Options." Click on the current interface, and select "Edit." In the popup that appears, select the option for "All Interfaces." Here, take note of the port number (8080) as well as the VPN IP Address (10.11.3.2). We'll need these later when we configure the APN settings on the Virtual Machine. If you want to check that the IP Address is accurate, you can quickly run ifconfig in Terminal to validate it.

Select "OK," then select "Yes" for "Listen on all interfaces," and then "Allow" on "Accept all incoming network connections."

2. Export CA Certificate

On the same Proxy -> Options screen, export your CA Certificate and save this to our desktop for easy upload.

3. Upload CA Certificate

Switch over to your Corellium virtual device screen and go to the Files tab. In Files, navigate to Mnt -> Sdcared -> Download folder, and upload the CA Certificate there.

4. Install CA Certificate

Connect to Display on the virtual device screen, and navigate to the virtual device's Settings app. In Settings, go to Security -> Encryption and credentials -> Install a certificate -> CA certificate. Here, click the top-left menu icon, and select Downloads. Then, select the your certificate.

5. Configure APN

Navigate back to the Settings app home page and select Network and internet -> Mobile Network -> Advanced -> Access Point Names -> Select the network. Here, enter the IP Address from Step 1 in the Port and Proxy fields, then click Save.

6. Validate

To validate Burp is intercepting traffic, do a quick web search in the virtual device's Webview. You will see the request in Burp, and then as you forward the request you will see the the VM respond.

That's all there is to it! Thanks for taking the time to watch the video, and happy virtualizing!

Info
Latest NewsChecking Suspicious Links with Corellium

© Corellium 2021

Privacy