Skip to content

Instantly share code, notes, and snippets.

@shariqmalik

shariqmalik/Configure_WSA_for_Pentest.md

Last active May 4, 2024 20:02
Show Gist options
  • Star 17 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save shariqmalik/438362ae5a3d14331eb3cd1f7ca4fc06 to your computer and use it in GitHub Desktop.
Save shariqmalik/438362ae5a3d14331eb3cd1f7ca4fc06 to your computer and use it in GitHub Desktop.
Download ZIP
Configure WSA (Windows Subsystem for Android) for Pentest
Raw
Configure_WSA_for_Pentest.md

Configure WSA (Windows Subsystem for Android) for Pentest

Install WSA with Megisk

Follow the instructions to install WSA with Megisk and GooglePlay services. MagiskOnWSALocal

Install following Modules in Magisk

Download following modules for Magisk.

Install required Apps

Microsoft Launcher - For Launcher to access apps like settings etc. ProxyDroid - For Global proxy

BurpSuite Certificates

  1. Connect to ADB adb connect 127.0.0.1:58526 Note: Make sure developer mode is enabled in WSA settings

  2. After connecting Convert and push the certificate file to WSA.

    1. openssl x509 -inform DER -in burp.der -out burp.pem
    2. openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -n -1 Output result will be something like 9a5ba575.0
    3. Rename the certificate mv burp.pem 9a5ba575.0
    4. Transfer the certificate file to WSA adb push 9a5ba575.0 /data/local/tmp/
    5. Open shell adb shell
    6. Change user to root su
    7. Remount all overlayfs to read-write magic_remount_rw
    8. Copy the certificate to the system certificates directory cp /data/local/tmp/9a5ba575.0 /system/etc/security/cacerts/
    9. Restore all system partitons back to read-only magic_remount_ro
    10. Reboot Emulator and check if the brup certificate is visible under System certs in android settings.

  3. Open Microsoft LauncherSettingsSecurityEncryption & CredentialsInstall a certifcate. Then browse and select brup.cer file and click install anyway.

  4. Reboot WSA using Turn off button in WSA App or using Magisk. After reboot check PortSwigger's certificate under Trusted System Credentials.

@IrvanWijayaSardam
Copy link

thank you for the write up, this is very helpful, can you make a tutorial on how to set up BurpSuite proxy listener to intercept WSA. kinda stuck in here

@shariqmalik
Copy link
Author

shariqmalik commented Jan 6, 2024
edited

Hi @IrvanWijayaSardam,

Just install the ProxyDroid app in WSA and set your BurpSuite listener to All interfaces. Then set the IP address of any interface of your host, which must be reachable from WSA in the ProxyDroid App, and turn on the proxy switch.

ProxyDroid:

image

BurpSuite:

image

@h1roun
Copy link

h1roun commented Feb 14, 2024

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated.
Screenshot 2024-02-14 020629

@omair2084
Copy link

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated. Screenshot 2024-02-14 020629

I faced the same issue. But using kernelsu instead, solved the problem.

@shariqmalik
Copy link
Author

@l1roun Its working fine for me I'm using Magisk v26.4 with Magical OverlyFS v3.2.2 by HuskyDG
image
image

@mahmozilla
Copy link

mahmozilla commented Apr 21, 2024
edited

did you manage to run mobsf dynamic analysis (mobile security framework) with wsa?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment