Burp Suite + Yeshen emulator: capturing app traffic (Android 7 and above)

Foreword:
If you install the certificate directly as a user certificate on Android 7 or above, the Yeshen emulator cannot capture the app's HTTPS traffic, because Android 7 and later no longer trust user-installed certificates by default. You therefore need to use adb to import the certificate into the system certificate store. Yeshen with Android 9 is used as the example here.

1. Convert the certificate format with OpenSSL

1. Export the Burp certificate to the desktop
2. Install the OpenSSL environment
OpenSSL is used to convert the certificate format. The following link describes how to install OpenSSL on Windows; the .exe installer is sufficient:

https://blog.csdn.net/sunhuansheng/article/details/82218678

3. Convert the certificate format
1) In a cmd window, run:

openssl x509 -inform DER -in cacert.der -out cacert.pem


2) Calculate the certificate's hash value (the old-style, MD5-based subject hash):

openssl x509 -inform PEM -subject_hash_old -in cacert.pem

3) Rename the certificate to the hash value with a .0 suffix, here: 9a5ba575.0
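
Added example (not part of the original post): what step 2) computes and why step 3) uses that name. The value printed by -subject_hash_old is the first four bytes of the MD5 digest of the certificate's DER-encoded subject name, read as a little-endian integer. The function names are hypothetical, and the sample certificate is a constructed skeleton, not Burp's real CA.

```python
import base64
import hashlib

def tlv(tag, value):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def subject_der(cert):
    """Return the subject Name of a DER certificate, SEQUENCE header included."""
    _, pos, _ = read_tlv(cert, 0)        # Certificate
    _, pos, _ = read_tlv(cert, pos)      # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version (absent in v1)
        pos = end
    for _ in range(4):                   # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def android_cacert_name(cert):
    """Name for /system/etc/security/cacerts/: little-endian MD5 prefix of subject + '.0'."""
    if cert.lstrip().startswith(b"-----BEGIN"):  # PEM input: decode the base64 body
        lines = cert.decode().strip().splitlines()
        cert = base64.b64decode("".join(lines[1:-1]))
    digest = hashlib.md5(subject_der(cert)).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

def sample_cert(subject_cn, issuer_cn):
    """Constructed skeleton: only the fields walked above, no real key or signature."""
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(android_cacert_name(sample_cert(b"Example Proxy CA", b"Example Proxy CA")))
```

Passing the contents of cacert.der or cacert.pem to android_cacert_name() should give the same file name as step 3); a mismatch means the wrong file was renamed.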

2. Create an emulator for Android 9

Open the Yeshen emulator assistant, add an Android 9 emulator and start it.

3. Use adb to upload the certificate to the emulator

For convenience, use the adb tool that ships with Yeshen; this avoids the various problems that can come up when you install adb yourself.
1. Right-click the Yeshen emulator and open its file location; nox_adb.exe is the tool to use. You can also copy the certificate 9a5ba575.0 you just created into this folder so that it is easy to upload later.

2. Open cmd in the current directory and enter the following commands. The first lists the device information; if the output looks normal, upload the certificate with the second:

nox_adb.exe devices
nox_adb.exe push 9a5ba575.0 /sdcard/

3. Then remount the /system partition in read-write mode (rw). It is read-only by default; only after remounting it this way do you have write permission and can import the certificate into the system directory.

nox_adb.exe shell
mount -o remount,rw /system 

4. Copy the certificate to the system certificate directory, set its permissions to 644 (owner read/write, everyone else read-only), then reboot the emulator

cp /sdcard/9a5ba575.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/9a5ba575.0
reboot


4. Verification

1. Burp Suite listens on this machine's IP address, port 8888 (my machine is 192.168.0.106)
2. The Yeshen emulator's proxy is also set to 192.168.0.106:8888
3. Taking the NetEase Youdao Dictionary app as an example, its traffic can be captured normally, which shows that the installation succeeded.

Finally, some apps already have protections in place, such as anti-proxy and anti-emulator checks. In that case their traffic cannot be captured, and that is not a certificate installation problem. If you followed the steps above and the Youdao Dictionary app's traffic can be captured normally, the certificate has been installed successfully.

Origin blog.csdn.net/weixin_45852180/article/details/127253510