
Android Application Security Assessments - Part 3: Starting Your Emulator And Configuring Your Proxy

Created: 10 Jan 2012 • Updated: 18 Jan 2012 • 1 comment
Christopher.Emerson

You should now have a working test environment with all of the primary assessment tools. Time to create our Android Virtual Device (AVD) and connect it via proxy!

Create an AVD

To start, you will want to run the android file (located in the ‘tools/’ directory).  This will launch the Android SDK and AVD Manager.

  • Linux: $ ./android
  • Windows: C:\>android

  • Click on ‘Virtual Devices’ (if it is not already selected) in the menu on the left.
  • On the far right, press the “New” button.
  • Fill in the data for your new AVD (this can vary based on your own personal needs):
      • Name: testingavd
      • Target: Android 2.3.3, API 10
      • SD Card: Optional. (We will leave this blank)
      • Snapshot: Checked
      • Skin: Default (WVGA800)
      • Hardware Support: You can select additional hardware support if it is necessary for testing your application. I have found this occurs VERY rarely.
  • Select the packages to download.
      • Check the box next to ‘Android SDK Platform-tools, revision x’.
      • Check the box next to the Android SDK Platform you would like to emulate. (You can always reopen the Android SDK and AVD Manager and download more Android SDK Platforms later.)
      • Press the ‘Create AVD’ button.
      • Press ‘OK’.
  • Close out of the Android SDK and AVD Manager.

Like magic, you have your first Android Virtual Device!

Now, before we start our emulator, we will want to spin up our proxy.  If you aren’t looking to capture requests, you can skip this step.

Starting your proxy

Double-click your BURP jar file to start your proxy (or use the command line to launch the proxy).

Within BURP, there are a few settings you will want to confirm:

Proxy Listeners:
Under the ‘Proxy’ > ‘Options’ tab, you will want to ensure you have a proxy listener running. If you are having network issues with your application, one thing to try is the ‘support invisible proxying for non-aware clients’ option. For now, we will leave that option unchecked.

Upstream Proxy Servers:
If you are working in a corporate environment, you will likely have a proxy server standing between you and that dangerous Internet. In this case you will want to go to the ‘Options’ tab (not to be confused with the ‘Proxy’ > ‘Options’ tab), and scroll down to ‘Upstream Proxy Servers’.

Enter the settings for your proxy server and you should be set!

Starting your AVD

OK, merely having an AVD isn’t enough.  You need it running.  This is fairly simple.

You should now see your AVD!

Note: I have seen it take several minutes to start an AVD, particularly on older systems or VMs with little RAM.

If you find that you are having trouble connecting to the Internet, you can close out of your AVD and reload it, excluding the '-http-proxy' portion of the command. That will help you to determine if your proxy is the cause of your issues.
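The launch and the proxy-isolation check described above can be scripted. The following is an added example, not the command from the original post: it assumes the AVD name testingavd from this walkthrough, a proxy listener on 127.0.0.1:8080, and that `emulator` and `nc` are on your PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: start the AVD through a local intercepting proxy, or
# directly (without -http-proxy) to rule the proxy out as the cause of
# connectivity problems. Function names are hypothetical.

AVD_NAME="testingavd"     # AVD created earlier in this post
PROXY_HOST="127.0.0.1"    # assumption: proxy listener address
PROXY_PORT="8080"         # assumption: proxy listener port

# Succeeds if something accepts TCP connections on host:port (needs nc).
proxy_listening() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# Print the emulator command line for an AVD name and a mode.
# Mode "proxy" adds -http-proxy; mode "direct" leaves it out.
# Names with characters outside [A-Za-z0-9._-] are rejected so the
# command string can be word-split safely.
build_emulator_cmd() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid AVD name: $1" >&2; return 2 ;;
    esac
    case "$2" in
        proxy)  printf 'emulator -avd %s -http-proxy http://%s:%s' \
                    "$1" "$PROXY_HOST" "$PROXY_PORT" ;;
        direct) printf 'emulator -avd %s' "$1" ;;
        *)      echo "mode must be proxy or direct" >&2; return 2 ;;
    esac
}

# Start the emulator in the background; refuse proxy mode when nothing
# is listening, since the proxied traffic would have nowhere to go.
start_avd() {
    mode="${1:-proxy}"
    cmd="$(build_emulator_cmd "$AVD_NAME" "$mode")" || return 2
    if [ "$mode" = "proxy" ] && ! proxy_listening "$PROXY_HOST" "$PROXY_PORT"; then
        echo "nothing listening on $PROXY_HOST:$PROXY_PORT; start the proxy first" >&2
        return 1
    fi
    echo "running: $cmd"
    $cmd &    # intentional word splitting; the name was validated above
}

# Launch only when asked to: ./start-avd.sh --run [proxy|direct]
if [ "${1:-}" = "--run" ]; then
    start_avd "${2:-proxy}"
fi
```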

The above method is, in my opinion, the most consistent way to get your AVD to recognize your BURP proxy.  If that does not work for you, you can always try setting it within the AVD:

Home > Menu > Settings > Wireless & networks > Mobile Networks > Access Point Names.

Here you can configure the Proxy Settings.

There are still a few other ways of setting up the Proxy, but the two described here are the most reliable.

Next time we will get your target application installed!

Comments

Keep 'em coming Chris - great stuff. 

-Nick Wade
Group Product Manager
Enterprise Mobility & Security
Symantec Corporation
