Prerequisites
- Burp suite
- Android SDK platform-tools (adb)
- gmsaas CLI tool
Step 1 – Setting up Burp Suite
- In Burp Suite, go to the Proxy tab
- Click on Proxy Settings
Here, we will choose to listen to port 8080 from all interfaces:

- Click import/export CA certificate > Export > Certificate in DER format
- Choose a path and name it anything with a .der extension
- Click Next
Note
We will use the name Burp_cert.der
as an example for this tutorial.
Step 2 – Upload and install the Burp Suite Certificate
- Launch an instance.
- Drag’n drop the Burp_cert.der file you generated to the device display, or use the File upload widget.
- Go to Android Settings and search install a certificate. In the results, click Install certificates from SD Card and select CA certificate. Click install anyway to bypass the warning.
- Navigate to
/sdcard/Download
and click on Burp_cert.der. - If you are using Android 9 or below, you may be requested to set a secure lock screen. Comply and set a lock:

To verify whether the certificate is properly installed, go to Android settings, search and click Trusted credentials. You should see the certificate in the USER tab:

Warning
This method alters the Android system significantly and may break the device. Use with extreme care and only if necessary!
Important
Installing System certificates on Android 14+ requires Magisk 23.0 and a third party plugin.
1. Root the device
Android 14 and above images are not rooted by default, so make sure that the device is rooted before going any further. Please refer to Genymotion SaaS on-line documentation for more details.
2. Install Magisk
Follow the instructions from our FAQ to install Magisk: How to install Magisk on Genymotion?
3. Install the certificate as user certificate
Follow the instructions from the tab “as user certificate”
4. Install the Cert-Fix plugin for Magisk
- Download
Cert-Fixer.zip
from Cert-Fixer github repository. - Upload the file to the device. You can either use
adb push Cert-Fixer.zip /sdcard/Download
or simply drag’n drop the file to the device display. - Open Magisk and go to the Plugins section.
- Click “Install from storage” and select
Cert-Fixed.zip
from the Download folder (/sdcard/Download) - Wait for the plugin to install. When done, click “Reboot” to reboot the device.
After a reboot, the Burp Suite CA certificate (“PortSwigger CA”) should now be installed as a system certificate:
Warning
The Cert-Fix plugin will copy all your user certificate as system certificate on boot. If you don’t need to install any other system certificates, make sure to disable the plugin to avoid installing system certificates by mistake.
1. Root the device
Android 12-13 images are not rooted by default, so make sure that the device is rooted before going any further. Please refer to Genymotion SaaS on-line documentation for more details.
2. Convert the certificate
We need to convert the Burp certificate into PEM format. Use openssl
to convert DER to PEM, then output the subject_hash_old
:
openssl x509 -inform DER -in Burp_cert.der -out Burp_cert.pem
openssl x509 -inform PEM -subject_hash_old -in Burp_cert.pem |head -1
Then, rename the file with the output hash from the last command. For example, if the hash is 9a5ba575
, then rename the file as 9a5ba575.0
:
mv Burp_cert.pem 9a5ba575.0
3. Install the certificate
You will need ADB and gmsaas CLI to proceed. Please refer to gmsaas CLI on-line documentation for more information.
We need to make the /system partition writeable and push the certificate to the /system/etc/security/cacerts
folder:
# switch to root
adb root
# remount the system with write permission
adb shell 'mount -o rw,remount /'
# upload the certificate
adb push <cert>.0 /system/etc/security/cacerts/
# Change the certificate permissions
adb shell chmod 644 /system/etc/security/cacerts/<cert>.0
For example, with the 9a5ba575.0
certificate:
adb root
adb shell 'mount -o rw,remount /'
adb push 9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
Reboot the device.
After the device has rebooted, browsing to Settings -> Security -> Trusted Credentials should show the new “Portswigger CA” as a system trusted CA:
1. Convert the certificate
We need to convert the Burp certificate into PEM format. Use openssl
to convert DER to PEM, then output the subject_hash_old
:
openssl x509 -inform DER -in Burp_cert.der -out Burp_cert.pem
openssl x509 -inform PEM -subject_hash_old -in Burp_cert.pem |head -1
Then, rename the file with the output hash from the last command. For example, if the hash is 9a5ba575
, then rename the file as 9a5ba575.0
:
mv Burp_cert.pem 9a5ba575.0
2. Install the certificate
You will need ADB and gmsaas CLI to proceed. Please refer to gmsaas CLI on-line documentation for more information.
We need to make the /system partition writeable and push the certificate to the /system/etc/security/cacerts
folder:
# remount the system with write permission
adb remount
# upload the certificate
adb push <cert>.0 /system/etc/security/cacerts/
# Change the certificate permissions
adb shell chmod 644 /system/etc/security/cacerts/<cert>.0
For example, with the 9a5ba575.0
certificate:
adb remount
adb push 9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
Reboot the device.
After the device has rebooted, browsing to Settings -> Security -> Trusted Credentials should show the new “Portswigger CA” as a system trusted CA:
Step 3 – Save as a Custom Recipe
We recommend saving the device as a custom recipe at this point.
Step 4 – Set Android global proxy to Burp Suite proxy
Important
If the global proxy is still set after saving the device as a custom recipe, or if you save the recipe at this point, Wifi will be unavailable the next time a device is started from this recipe. To avoid this, make sure to unset the global proxy before saving. See Step 5 – Disable global proxy section.
If you haven’t already done it, connect the device to ADB with gmsaas.
Next, use ADB to set port 3333 but you can use any other port as long as it is available:
adb shell settings put global http_proxy localhost:3333
Finally, bind Burp proxy to the device proxy configuration with adb reverse
. We setup Burp suite to use port 8080, so we will bind the device pxoxy to this port:
adb reverse tcp:3333 tcp:8080
From there, your instance network should be intercepted by Burp suite.
Step 5 – Disable global proxy
If you need to save the instance, make sure to disable the global proxy before or the Internet connection may be disabled the next time you start it:
adb shell settings put global http_proxy :0