Summary

  • For users wanting to attempt Android application penetration testing, a key part of the process is gaining the ability to intercept the application’s network traffic for analysis.
  • This typically involves connecting the Android emulator to a tool such as Burp Suite, to act as a proxy between the application and the internet.
  • The article sets out the difficulties encountered when trying to do this, and provides a solution or workaround for each one, enabling a successful connection.
  • It assumes the user has already set up an Android emulator and installed Burp Suite, and keeps the scope limited to the example of a Windows system.
  • In order to resolve issues with the Burp Suite Proxy, the user must select the correct system image, successfully set up the proxy in Burp Suite, push the CA certificate to the emulator via the command line, and install it on the virtual device.
  • Lastly, the article flags that the user must also check that they have set the proxy settings both in the emulator and in the application on the emulator, before testing.
  • This enables the user to view the traffic captured in Burp Suite.

By Pat Bautista

Original Article
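
The command-line part of the setup summarised above (pushing the CA certificate to the emulator and pointing the emulator at the proxy), sketched as an added PowerShell example; it is not code from the original article. The certificate path, listener port and on-device file name are assumptions, and `10.0.2.2` is the Android emulator's standard alias for the host's loopback address.

```powershell
# Added example, not from the article. Parameter defaults are assumed values.
param(
    [string]$CertPath   = "$env:USERPROFILE\Downloads\cacert.der",  # assumed Burp CA export (DER)
    [int]$ProxyPort     = 8080,                                      # assumed listener on 127.0.0.1
    [string]$DevicePath = '/sdcard/Download/burp-ca.cer'             # .cer so the Android installer accepts it
)
$ErrorActionPreference = 'Stop'

# adb must be on PATH and at least one emulator must be booted and authorised.
if (-not (Get-Command adb -ErrorAction SilentlyContinue)) { throw 'adb not found on PATH' }
$emulators = @(adb devices | Select-String -Pattern '^(emulator-\d+)\s+device\s*$')
if ($emulators.Count -eq 0) { throw 'No running emulator listed by "adb devices"' }
$serial = $emulators[0].Matches[0].Groups[1].Value

# Fail early if nothing is listening where the emulator will be told to send traffic.
if (-not (Test-NetConnection -ComputerName 127.0.0.1 -Port $ProxyPort -InformationLevel Quiet)) {
    throw "No listener on 127.0.0.1:$ProxyPort; start the proxy listener first"
}

# Parse the file as X.509 before pushing, and show exactly what is about to be trusted.
$certFile = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certFile)
Write-Host "CA subject:       $($cert.Subject)"
Write-Host "SHA-1 thumbprint: $($cert.Thumbprint)  (expires $($cert.NotAfter))"

# Push the certificate to the emulator's shared storage.
adb -s $serial push $certFile $DevicePath
if ($LASTEXITCODE -ne 0) { throw 'adb push failed' }

# Set the emulator-wide HTTP proxy to the host listener, then read it back.
adb -s $serial shell settings put global http_proxy "10.0.2.2:$ProxyPort"
$current = (adb -s $serial shell settings get global http_proxy | Out-String).Trim()
if ($current -ne "10.0.2.2:$ProxyPort") { throw "Proxy not applied (device reports '$current')" }
Write-Host "Proxy on $serial set to $current"

# After testing, clear the proxy so the emulator stops routing through the host:
#   adb -s <serial> shell settings put global http_proxy :0
```

The pushed certificate still has to be installed on the virtual device through its settings, and this covers only the emulator-level proxy, not any proxy setting inside the application under test.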