Configure WSA (Windows Subsystem for Android) for Pentest

Configure_WSA_for_Pentest.md

Configure WSA (Windows Subsystem for Android) for Pentest

Install WSA with Megisk

Follow the instructions to install WSA with Megisk and GooglePlay services. MagiskOnWSALocal

Install following Modules in Magisk

Download following modules for Magisk.

• MagiskFrida: A Magisk module that automatically runs frida server at boot
• magic_overlayfs: Make system partition become read-write

Install required Apps

Microsoft Launcher - For Launcher to access apps like settings etc. ProxyDroid - For Global proxy

BurpSuite Certificates

1. Connect to ADB adb connect 127.0.0.1:58526 Note: Make sure developer mode is enabled in WSA settings

2. After connecting Convert and push the certificate file to WSA.

   1. openssl x509 -inform DER -in burp.der -out burp.pem
   2. openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -n -1 Output result will be something like 9a5ba575.0
   3. Rename the certificate mv burp.pem 9a5ba575.0
   4. Transfer the certificate file to WSA adb push 9a5ba575.0 /data/local/tmp/
   5. Open shell adb shell
   6. Change user to root su
   7. Remount all overlayfs to read-write magic_remount_rw
   8. Copy the certificate to the system certificates directory cp /data/local/tmp/9a5ba575.0 /system/etc/security/cacerts/
   9. Restore all system partitons back to read-only magic_remount_ro
   10. Reboot Emulator and check if the brup certificate is visible under System certs in android settings.

3. Open Microsoft Launcher → Settings → Security → Encryption & Credentials → Install a certifcate. Then browse and select brup.cer file and click install anyway.

4. Reboot WSA using Turn off button in WSA App or using Magisk. After reboot check PortSwigger's certificate under Trusted System Credentials.

thank you for the write up, this is very helpful, can you make a tutorial on how to set up BurpSuite proxy listener to intercept WSA. kinda stuck in here

Hi @IrvanWijayaSardam,

Just install the ProxyDroid app in WSA and set your BurpSuite listener to All interfaces. Then set the IP address of any interface of your host, which must be reachable from WSA in the ProxyDroid App, and turn on the proxy switch.

ProxyDroid:

BurpSuite:

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated.

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated.

I faced the same issue. But using kernelsu instead, solved the problem.

@l1roun Its working fine for me I'm using Magisk v26.4 with Magical OverlyFS v3.2.2 by HuskyDG

did you manage to run mobsf dynamic analysis (mobile security framework) with wsa?

@h1roun @omair2084 There's an issue with the ZIP that HuskyDG released for version 3.2.2.
If you compile the latest yourself (easy, just follow the readme), and zip the files in the output folder, you can install it on version 27.0.

And just adding to this write-up, you don't really need the third step to install the certficiate via the UI...
If you want to access the WSA device settings to confirm the cert was installed, you can use this: adb shell am start -n com.android.settings/.Settings

@h1roun @omair2084 There's an issue with the ZIP that HuskyDG released for version 3.2.2. If you compile the latest yourself (easy, just follow the readme), and zip the files in the output folder, you can install it on version 27.0.

And just adding to this write-up, you don't really need the third step to install the certficiate via the UI... If you want to access the WSA device settings to confirm the cert was installed, you can use this: adb shell am start -n com.android.settings/.Settings

Thankyou, this works. Just fork and run actions.