Automating Android + MITMProxy, Injecting the Proxy Cert

Page content

I’ve created a bash script to get, and then inject an MITMProxy cert into an Android Emulator This presumably works with an actual device, but untested as I don’t currently have one. This process assumes that you have a running Android emulator, the adb tools installed, and a MITMProxy running. It will grab the cert from the proxy, use it to create the file needed, and insert it into the Android device.


#!/bin/bash

proxyhost="127.0.0.1"
proxyport="8080"

# if this script fails, do not leave a pem file (the wrong one!) for other processes to use
rm mitmproxy-ca-cert.pem 2> /dev/null

show_help(){
  echo "Get Cert file from proxy, create and inject cert hash into attached android device."
  echo ""
  echo "No arguments supplied"
  echo "Usage: $0 [-h proxyhost] [-p proxyport]"
  echo "Defaults to $proxyhost:$proxyport"
}

# loop through the command line options
while getopts "h:p:?" opt; do
      case $opt in
        h)  proxyhost=$OPTARG
            ;;
        p)  proxyport=$OPTARG
            ;;
        \?)
            show_help
            exit 1
            ;;
      esac
done
shift $((OPTIND -1))

# get the pem from the proxy server
echo "Downloading Cert (pem) file from url http://mitm.it/cert/pem on proxy $proxyhost:$proxyport"
curl --proxy $proxyhost:$proxyport mitm.it/cert/pem > mitmproxy-ca-cert.pem

# get the hash of the pem file for use as the file name to put on the android device
echo "Setting CERT_HASH"
CERT_HASH="$(openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.pem | head -1)"
echo "CERT_HASH=$CERT_HASH"

# export the PEM data into the file
echo "Exporting pem data to file $CERT_HASH.0"
openssl x509 -inform PEM -text -in mitmproxy-ca-cert.pem -out /dev/null >> $CERT_HASH.0

# get root on android
# note: this does not work on google PLAY (prod) images, only google API (debug) images
adb root
adb remount

# put the new cert info on the android device
echo "adb push $CERT_HASH.0 /system/etc/security/cacerts/"
adb push $CERT_HASH.0 /system/etc/security/cacerts/
echo "adb shell 'chmod 644 /system/etc/security/cacerts/$CERT_HASH.0'"
adb shell "chmod 644 /system/etc/security/cacerts/$CERT_HASH.0"
echo "adb shell 'ls -l /system/etc/security/cacerts/$CERT_HASH.0'"
adb shell "ls -l /system/etc/security/cacerts/$CERT_HASH.0"
echo "rebooting..."
adb reboot