Installing Android-x86 on Proxmox and Proxying to BurpSuite

In this post, I show you how to set up an Android-x86 VM in Proxmox and proxy the entire system through BurpSuite.
Installing Android-x86 on Proxmox and Proxying to BurpSuite
In: Home Lab, Proxmox, Android, Mobile, Attack, Computer Networking

Downloading the Android-x86 ISO

The official site for the Android-x86 project can be found here:

Android-x86 - Porting Android to x86
Android-x86 is an Android Open Source Project licensed under Apache Public License 2.0. Some components are licensed under GNU General Public License (GPL) 2.0 or later.

Click on the Download button and choose your preferred mirror. I will be using the FOSSHUB mirror, and grabbing a copy of the Android-x86 64-bit ISO file.

Once the file is downloaded, transfer to your ISO storage on your Proxmox node.





Setting Up the VM

Create the VM

Right-click your Proxmox node and click Create VM.

General Settings

OS Settings

System Settings

Disk Settings

CPU Settings

Memory Settings

Network Settings

I'm putting mine in a lab environment behind a firewall, adjust your settings accordingly

Confirm and Create

Confirm your settings and create the VM.





Power On and Configure the VM

Install Android-x86 to Disk

Create/Modify partitions
No
New
Primary > Then, click Enter on the default size
Make the partition bootable
Write the partition > Then, enter 'yes'
Quit
OK
ext4
Yes
Yes
Yes
Reboot

If all goes well, you should see the Android splash screen. Don't panic if it hangs there for a minute. If it's taking more than a few minutes, there may be a problem with your installation.





Configure the Operating System

Start
See al Wi-Fi networks
VirtWifi

Android will attempt to check for updates upon connecting to the network. So, allow internet access during the initial setup.

I'll choose Don't Copy here, as I don't want to restore to this instance
You can sign in with a Google account here, or skip if you don't care about Google Play services.
I'll disable backups
Disable location services
Disable diagnostics
Set a protection method now, as you're going to need it later anyway.
Choose your preferred launcher
Congrats! You've installed Android-x86!





More Current Android Release

ℹ️
I'm linking this here, as the Android version running Android-x86 is quite dated. So if you're looking for something more current and not necessarily worries about the Burp Suite part of the project, check out the Bliss OS write-up.
Proxmox: Running Bliss OS
In this tutorial, we will look at the process of running Bliss OS in the Proxmox hypervisor, making it convenient to run Android apps from your home lab server.





Enable Android Debug Bridge (ADB) over TCP/IP

Console View vs GUI

You can press ALT + F1 to open the root console on your Android-x86 instance. This terminal is running as root, conveniently allowing you to make any necessary modifications to the system.

You can press ALT + F7 to return to the Android GUI.





Enable Remote ADB

setprop service.adb.tcp.port 5555
stop adbd
start adbd





Connecting to ADB via TCP/IP

I will scan TCP/5555 from my Kali VM to make sure that ADB is running and that I can access it.

Now, I'll connect to the ADB interface from Kali.

adb connect 10.9.9.51:5555
adb shell
Demonstrating system shell access over remote ADB
adb disconnect 10.9.9.51:5555





Setting Up the Proxy Environment

Create an External-Facing Proxy

In Burp, go to Proxy > Options and Add a proxy listener.

Set your TCP port and choose the specific address Android-x86 should talk to





Importing the BurpSuite CA Certificate

Export the CA Certificate

We need to do this to tell Android to trust the proxy when connecting to sites using TLS.

In Burp, go to Proxy > Options > Import/export CA certificate.

Save the file wherever you please

Now, we need to convert the .der certificate to Base64 format. Here is an example command. Adjust your paths accordingly.

openssl x509 -inform der -in ~/Downloads/burpsuite.der -out ./burpsuite.pem

Convert the file to burpsuite.pem and save it in the current directory





Transfer the Certificate to Android-x86

I'm in the directory where the burpsuite.pem file is stored and I start a web server, so I can easily download the file using the Chrome browser on Android.

Back on Android-x86, I open the Chrome browser and download the file.





Installing the CA Certificate on Android

Open the settings app on your Android-x86 instance and go to Security & location.

Advanced
Encryption & credentials
Install from SD card
Enter your PIN to import
Enter a name for the certificate and click OK





Android System-Wide HTTP Proxy

ADB Command

ℹ️
The adb shell ... syntax is for running ad-hoc shell commands through ADB. If you've already got an interactive shell open on Android-x86 through ADB, then just cut off the adb shell part.

Issue this ad-hoc shell command to point Android-x86 at your Burp proxy:

adb shell settings put global http_proxy 10.0.0.2:8800

Change your IP and TCP port as needed

To remove the system-wide HTTP proxy:

adb shell settings delete global http_proxy





Testing the Proxy

I've got BurpSuite open and intercepting HTTP traffic.

Press Enter
Catch the request

More from 0xBEN
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.