Install Burp Suite certificate on Android device
#!/usr/bin/env bash
#
# Install Burp Suite certificate on Android device
#
# Usage:
# ./install-burp-cert-on-android.sh
# Or
# ./install-burp-cert-on-android.sh <exported_burp_cert_der_file>
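# Preconditions:
# - If the certificate is fetched from a local Burp Suite instance, its proxy listener must be on port 8080
# - Connect the device and confirm it is listed by `adb devices`
# - The device must allow `adb root` and `adb remount` (the script writes to /system)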
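# Generate PEM certificate
# Fetch the CA certificate from the local Burp proxy unless a DER file is given.
# An explicit if/else avoids falling through to cp with an empty argument when curl fails.
if [[ -z "${1:-}" ]]; then
    curl -sS localhost:8080/cert -o ./ca.der
else
    cp "$1" ca.der
fi
# Stop before touching the device if the DER file is missing or not a certificate
openssl x509 -inform der -in ./ca.der -out ca.pem || { echo "Cannot read ca.der" >&2; exit 1; }
# Android names system CA files <subject_hash_old>.0
hashed_name="$(openssl x509 -inform PEM -subject_hash_old -noout -in ./ca.pem).0"
mv ca.pem "$hashed_name"
# Push PEM certificate to device
adb root
adb remount
adb push "$hashed_name" /system/etc/security/cacerts/
adb shell chmod 664 "/system/etc/security/cacerts/$hashed_name"
adb shell ls -la "/system/etc/security/cacerts/$hashed_name"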
# Fix Chrome certificate transparency error
# https://github.com/JelmerDeHen/MagiskBypassCertificateTransparencyError
# spki = base64 SHA-256 of the CA's public key (SubjectPublicKeyInfo, DER encoded)
spki="$(openssl x509 -in "$hashed_name" -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64)"
echo "chrome --ignore-certificate-errors-spki-list=$spki" > ./chrome_command
# Push the flag file under every command-line file name, in both directories
for dir in /data/local /data/local/tmp; do
    for name in chrome android-webview webview content-shell; do
        adb push ./chrome_command "$dir/$name-command-line"
        adb shell chmod 555 "$dir/$name-command-line"
    done
done
adb shell am force-stop com.android.chrome
adb shell settings put global debug_app com.android.chrome
# Check flag is correctly applied in chrome://version
# Cleanup
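rm -f ca.der
rm -f "$hashed_name"
rm -f chrome_command
# After execution:
# - When testing is finished, delete the pushed CA file and the *-command-line files
#   so the device no longer trusts the interception CA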
# - Reboot device: adb reboot
# - Set proxy on device: adb shell settings put global http_proxy <IP>:8080
# - Remove proxy on device: adb shell settings put global http_proxy :0