Android Emulator Setup for PenTest Using Android Studio

Welcome to the definitive guide on setting up your Android emulator for penetration testing using Android Studio!

In this tutorial, I’ll walk you through the entire process of configuring an emulator, from creation to rooting and beyond. Whether you’re a seasoned developer or just starting out, this step-by-step guide is designed to provide you with all the tools and knowledge needed to prepare your Android emulator for advanced security testing.

I’ll begin by creating a virtual device in Android Studio, using a Pixel 3 with Android 11, and proceed through rooting the device with rootAVD, enabling USB debugging, and installing necessary certificates and servers for comprehensive testing.

Get ready to unlock the full potential of your Android emulator and dive into the world of penetration testing with confidence!

STEP 1 — CREATE ANDROID DEVICE

1. Open android studio or download at https://developer.android.com/studio

2. Open virtual device manager

3. Create Device

4. Run the device

STEP 2 — Root the Device (make sure the emulator is running)

1. Install rootAVD at https://github.com/newbit1/rootAVD
2. Extract rootAVD.zip
3. Go inside rootAVD-master folder, type “cmd” and hit “Enter”

4. Run this command “rootAVD.bat ListAllAVDs”

5. Scroll down until you find “..\ramdisk.img”

6. Copy and paste the previous command

7. Wait until the emulator is closed and reopen using “Cold Boot Now”

8. Open Magisk app and hit “OK” if there is a pop up.

9. Use “adb” to check whether you have root access, or not.

Hit “GRANT”

STEP 3 — Enable USB Debugging (if needed)

1. Open “Settings” and go to “Build number”

2. Left click build number few times until you see “you are now a developer” message

3. Go to “Developer options” to adjust the debugging configuration

STEP 4 — Install Burp Certificate as System

1. Open burp suite -> Proxy -> Proxy Settings -> Import / export CA certificate -> Certificate in DER format -> hit “Next” and save to any folder you want with “cacert.crt” name

2. Download this file https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases

3. Open “Files” -> drag & drop cacert.crt and AlwaysTrustUserCerts.zip to install it in emulator

4. Install certificate as user. Open setting -> security -> Advanced -> Encryption & Credential -> Install a certificate -> ca certificate -> “install anyway” -> go to “Downloads” and click the “cacert.crt”

5. Install cert to system. Open Magisk -> Modules -> Install from storage -> go to “Downloads” and click AlwaysTrustUserCerts.zip -> Reboot

STEP 5 — Install Frida-server

1. Run this command “adb shell getprop ro.product.cpu.abi”

2. Install frida-server in https://github.com/frida/frida/releases according to the device specification

3. Extract the .xz file using 7zip

4. (Optional) rename the <frida-server> into “frida-server”

5. Run this command “adb push <frida-server-name> /data/local/tmp/”

6. Run “adb shell” -> go to “/data/local/tmp” -> run this command “chmod +x <frida-server-name>”

7. Run frida-server on background

8. Start using frida

Your android emulator is ready to be used !

Happy Hacking !!!