- Download an x86 Android image (32 bits)
- Download the XposedInstaller APK (see at bottom of original post)
- Download the Xposed framework for SDK27 (Android 8.1)
VirtualBox is assumed.
- Create a new machine with Type `Linux` and Version `Linux ... 4.x (32-bit)`
- Configure `System > Pointing Device` to use `PS/2 Mouse`
- Configure `Network > Attached to` to `Bridged Adapter`
- Proceed with the installation (no Google Account needed)
- Enable Android Developer Options (`Settings > System > About tablet` and press `Build number` seven times)
- Extract the Xposed framework ZIP file. You will have a `system` and a `META-INF` directory
- Find the IP of the VM. A quick way to do it might be to `nmap <subnet>/24 -T5 -p5555 --open`
- Connect to the IP of the VM (`adb connect <ip>`)
- Push the `system` directory (`adb push system /sdcard`)
- Push the files in `META-INF/com/google/android/` (`adb push META-INF/com/google/android/* /sdcard`)
- Get a shell in the Android VM (`adb shell`)
- Escalate with `su` and `cd /sdcard`
- Run `sh flash-script.sh` and you should get something like this:

  ```
  x86:/sdcard # sh flash-script.sh
  ************************************
  Xposed Framework installer zip
  ************************************
  - Mounting /system and /vendor read-write
  - Checking environment
  Xposed version: 90-beta3
  Android version: 8.1 / SDK27
  Platform: x86
  - Placing files
  - Done
  ************************************
  The first boot will take longer than usual, please wait a few minutes.
  ************************************
  ```
- `reboot`
- Install XposedInstaller (`adb install XposedInstaller_x.y.z.apk`)
- Reboot
- Open XposedInstaller and validate it's green and says Xposed is active
- That's it!
Installing Xposed modules is simple: just download and install the module's APK.
- Download the `JustTrustMe.apk`
- Install the APK (`adb install ./JustTrustMe.apk`)
- Check that JustTrustMe appears under Xposed's modules
- Activate JustTrustMe by checking its checkbox
- Reboot for the activation to take effect
To MITM the requests using a transparent proxy such as OWASP ZAP or Burp, open a shell, escalate with `su` and add the following `iptables` rules:

```
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -j DNAT --to <proxy_ip>:<proxy_port>
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 443 -j DNAT --to <proxy_ip>:<proxy_port>
```

Now if you open the application you wish to MITM you should see its traffic passing through the proxy.
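The two rules above stay in the `nat` table until they are deleted or the VM reboots, and running them twice appends duplicates. The following POSIX sh helper is an added example, not part of the original page: it validates the proxy address and prints either guarded add commands or the matching `-D` commands that restore normal networking. The function names and the sample address in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Prints the iptables commands for the two DNAT rules; nothing is executed here.

# valid_ip ADDR: succeed only for a dotted-quad IPv4 address with octets 0-255
valid_ip() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (digits and dots only, no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1-65535
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# proxy_rules add|del PROXY_IP PROXY_PORT
#   add: append each rule only if an identical one is not already present (-C)
#   del: delete each rule, undoing the redirection
proxy_rules() {
    action=$1 ip=$2 port=$3
    valid_ip "$ip"     || { echo "bad proxy IP: $ip" >&2; return 2; }
    valid_port "$port" || { echo "bad proxy port: $port" >&2; return 2; }
    for dport in 80 443; do
        rule="OUTPUT -o eth0 -p tcp --dport $dport -j DNAT --to $ip:$port"
        case "$action" in
            add) echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule" ;;
            del) echo "iptables -t nat -D $rule" ;;
            *)   echo "usage: proxy_rules add|del IP PORT" >&2; return 2 ;;
        esac
    done
}

# Constructed sample invocation: sh mitm-rules.sh add 192.168.1.10 8080
if [ "$#" -eq 3 ]; then proxy_rules "$@"; fi
```

Review the printed commands, then pipe them to `sh` in the root shell on the VM to apply them; run the `del` form when the test session ends.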
settings put global stay_on_while_plugged_in 7
Download the Xposed framework for SDK27 (Android 8.1)
The download link is broken.
It should be https://dl-xda.xposed.info/framework/sdk27/x86/ for now.