Installing Android-x86 on Proxmox and Proxying to BurpSuite

In this post, I show you how to set up an Android-x86 VM in Proxmox and proxy the entire system through BurpSuite.
In: Home Lab, Proxmox, Android, Mobile, Attack, Computer Networking

Downloading the Android-x86 ISO

The official site for the Android-x86 project can be found here:

Android-x86 - Porting Android to x86
Android-x86 is an Android Open Source Project licensed under Apache Public License 2.0. Some components are licensed under GNU General Public License (GPL) 2.0 or later.

Click on the Download button and choose your preferred mirror. I will be using the FOSSHUB mirror, and grabbing a copy of the Android-x86 64-bit ISO file.

Once the file is downloaded, transfer to your ISO storage on your Proxmox node.

Setting Up the VM

Create the VM

Right-click your Proxmox node and click Create VM.

General Settings

OS Settings

System Settings

Disk Settings

CPU Settings

Memory Settings

Network Settings

I'm putting mine in a lab environment behind a firewall, adjust your settings accordingly

Confirm and Create

Confirm your settings and create the VM.

Power On and Configure the VM

Install Android-x86 to Disk

Create/Modify partitions
Primary > Then, click Enter on the default size
Make the partition bootable
Write the partition > Then, enter 'yes'

If all goes well, you should see the Android splash screen. Don't panic if it hangs there for a minute. If it's taking more than a few minutes, there may be a problem with your installation.

Configure the Operating System

See al Wi-Fi networks

Android will attempt to check for updates upon connecting to the network. So, allow internet access during the initial setup.

I'll choose Don't Copy here, as I don't want to restore to this instance
You can sign in with a Google account here, or skip if you don't care about Google Play services.
I'll disable backups
Disable location services
Disable diagnostics
Set a protection method now, as you're going to need it later anyway.
Choose your preferred launcher
Congrats! You've installed Android-x86!

Enable Android Debug Bridge (ADB) over TCP/IP

Console View vs GUI

You can press ALT + F1 to open the root console on your Android-x86 instance. This terminal is running as root, conveniently allowing you to make any necessary modifications to the system.

You can press ALT + F7 to return to the Android GUI.

Enable Remote ADB

setprop service.adb.tcp.port 5555
stop adbd
start adbd

Connecting to ADB via TCP/IP

I will scan TCP/5555 from my Kali VM to make sure that ADB is running and that I can access it.

Now, I'll connect to the ADB interface from Kali.

adb connect
adb shell
Demonstrating system shell access over remote ADB
adb disconnect

Setting Up the Proxy Environment

Create an External-Facing Proxy

In Burp, go to Proxy > Options and Add a proxy listener.

Set your TCP port and choose the specific address Android-x86 should talk to

Importing the BurpSuite CA Certificate

Export the CA Certificate

We need to do this to tell Android to trust the proxy when connecting to sites using TLS.

In Burp, go to Proxy > Options > Import/export CA certificate.

Save the file wherever you please

Now, we need to convert the .der certificate to Base64 format. Here is an example command. Adjust your paths accordingly.

openssl x509 -inform der -in ~/Downloads/burpsuite.der -out ./burpsuite.pem

Convert the file to burpsuite.pem and save it in the current directory

Transfer the Certificate to Android-x86

I'm in the directory where the burpsuite.pem file is stored and I start a web server, so I can easily download the file using the Chrome browser on Android.

Back on Android-x86, I open the Chrome browser and download the file.

Installing the CA Certificate on Android

Open the settings app on your Android-x86 instance and go to Security & location.

Encryption & credentials
Install from SD card
Enter your PIN to import
Enter a name for the certificate and click OK

Android System-Wide HTTP Proxy

ADB Command

The adb shell ... syntax is for running ad-hoc shell commands through ADB. If you've already got an interactive shell open on Android-x86 through ADB, then just cut off the adb shell part.

Issue this ad-hoc shell command to point Android-x86 at your Burp proxy:

adb shell settings put global http_proxy

Change your IP and TCP port as needed

To remove the system-wide HTTP proxy:

adb shell settings delete global http_proxy

Testing the Proxy

I've got BurpSuite open and intercepting HTTP traffic.

Press Enter
Catch the request

More from 0xBEN
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.