Android Emulator intercepting SSL Traffic

[Dimitrios Kapsalis <dimitrios () gmail com>]

The android emulator appears to have strict SSL enforced and thus is
limiting my ability to test traffic of my application through burp proxy
and other proxies.

Given my understanding, the android device and emulator have a trusted
cacerts store on the device similar to that which is part of the JRE. By
adding the certificate authority proxy cert to the cacerts then the proxy
should be able to view the SSL traffic as the certificate checks would
pass.

I've performed the below steps and still my app's traffic is not visible in
burp proxy. Any tips or ideas?

1. Start up the emulator
2. Use adb to pull the cacerts.bks file from /system/etc/security
3. Use keytool with the bouncycastle jar (bcprov-1.44.jar) as the cacerts
is using BKS as the store type
4. Use keytool to list the certificate based on the alias provided during
import, the cert is then listed correcty.
5. Mounted /system as read/write on the emulator and pushed the updated
cacerts.bks to the emulator.
6. Used mkfs.yaffs2.arm to make a system.img
7. Pulled system.img from emulator and replaced it as the image for the
emulator to load from. This is required to persist the updates as the
emulator would not "remember" the cacert store I provided it.
8. Test application.

thanks!

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com