Skip to content

Instantly share code, notes, and snippets.

@shariqmalik
Last active July 31, 2024 06:58
Show Gist options
  • Save shariqmalik/438362ae5a3d14331eb3cd1f7ca4fc06 to your computer and use it in GitHub Desktop.
Save shariqmalik/438362ae5a3d14331eb3cd1f7ca4fc06 to your computer and use it in GitHub Desktop.
Configure WSA (Windows Subsystem for Android) for Pentest

Configure WSA (Windows Subsystem for Android) for Pentest

Install WSA with Megisk

Follow the instructions to install WSA with Megisk and GooglePlay services. MagiskOnWSALocal

Install following Modules in Magisk

Download following modules for Magisk.

Install required Apps

Microsoft Launcher - For Launcher to access apps like settings etc. ProxyDroid - For Global proxy

BurpSuite Certificates

  1. Connect to ADB adb connect 127.0.0.1:58526 Note: Make sure developer mode is enabled in WSA settings

  2. After connecting Convert and push the certificate file to WSA.

    1. openssl x509 -inform DER -in burp.der -out burp.pem
    2. openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -n -1 Output result will be something like 9a5ba575.0
    3. Rename the certificate mv burp.pem 9a5ba575.0
    4. Transfer the certificate file to WSA adb push 9a5ba575.0 /data/local/tmp/
    5. Open shell adb shell
    6. Change user to root su
    7. Remount all overlayfs to read-write magic_remount_rw
    8. Copy the certificate to the system certificates directory cp /data/local/tmp/9a5ba575.0 /system/etc/security/cacerts/
    9. Restore all system partitons back to read-only magic_remount_ro
    10. Reboot Emulator and check if the brup certificate is visible under System certs in android settings.
  3. Open Microsoft LauncherSettingsSecurityEncryption & CredentialsInstall a certifcate. Then browse and select brup.cer file and click install anyway.

  4. Reboot WSA using Turn off button in WSA App or using Magisk. After reboot check PortSwigger's certificate under Trusted System Credentials.

@shariqmalik
Copy link
Author

shariqmalik commented Jan 6, 2024

Hi @IrvanWijayaSardam,

Just install the ProxyDroid app in WSA and set your BurpSuite listener to All interfaces. Then set the IP address of any interface of your host, which must be reachable from WSA in the ProxyDroid App, and turn on the proxy switch.

ProxyDroid:

image

BurpSuite:

image

@h1roun
Copy link

h1roun commented Feb 14, 2024

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated.
Screenshot 2024-02-14 020629

@omair2084
Copy link

After installing the magisk_overlayfs module, Magisk has stopped working, and I am unsure why. I have attempted various solutions, but the issue persists. Any assistance would be greatly appreciated. Screenshot 2024-02-14 020629

I faced the same issue. But using kernelsu instead, solved the problem.

@shariqmalik
Copy link
Author

@l1roun Its working fine for me I'm using Magisk v26.4 with Magical OverlyFS v3.2.2 by HuskyDG
image
image

@mahmozilla
Copy link

mahmozilla commented Apr 21, 2024

did you manage to run mobsf dynamic analysis (mobile security framework) with wsa?

@liorbp
Copy link

liorbp commented Jul 18, 2024

@h1roun @omair2084 There's an issue with the ZIP that HuskyDG released for version 3.2.2.
If you compile the latest yourself (easy, just follow the readme), and zip the files in the output folder, you can install it on version 27.0.

And just adding to this write-up, you don't really need the third step to install the certficiate via the UI...
If you want to access the WSA device settings to confirm the cert was installed, you can use this: adb shell am start -n com.android.settings/.Settings

@xfwil
Copy link

xfwil commented Jul 31, 2024

@h1roun @omair2084 There's an issue with the ZIP that HuskyDG released for version 3.2.2. If you compile the latest yourself (easy, just follow the readme), and zip the files in the output folder, you can install it on version 27.0.

And just adding to this write-up, you don't really need the third step to install the certficiate via the UI... If you want to access the WSA device settings to confirm the cert was installed, you can use this: adb shell am start -n com.android.settings/.Settings

Thankyou, this works. Just fork and run actions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment