<![CDATA[Vijith's Blog | Application Security | Product Security | Bug bounty]]>https://www.vijithvellora.inRSS for NodeSun, 12 Apr 2026 13:35:03 GMT60<![CDATA[📱 Installing a Certificate into Android's System Trust Store (Root Required)]]>https://www.vijithvellora.in/installing-a-certificate-into-androids-system-trust-store-root-requiredhttps://www.vijithvellora.in/installing-a-certificate-into-androids-system-trust-store-root-requiredTue, 29 Apr 2025 13:37:03 GMTAre you trying to intercept HTTPS traffic on Android using tools like Burp Suite or Charles Proxy, but facing SSL certificate issues or pinning? Here's a simple guide to help you import and install a custom certificate (like Burp’s CA cert) into your Android system — step by step.

⚠️ This requires root access on the Android device and is intended for testing purposes only. Do this on a rooted test device or emulator.

🔧 Why Install a Certificate?

By default, Android doesn't trust self-signed or custom certificates. To make the device trust your proxy tool (e.g., Burp Suite), you need to install its CA certificate into the system trusted certificate store, not just user-installed ones. That’s because many apps (especially those using SSL pinning) ignore user-installed certs.

🛠️ What You Need

  • A rooted Android device or emulator

  • A self-signed certificate (e.g., Burp’s cacert.der)

  • adb installed and configured

  • openssl installed (comes with most Linux/macOS; use Git Bash on Windows)

âś… Step-by-Step Guide

Step 1: Convert the Certificate from DER to PEM

openssl x509 -inform DER -in cacert.der -out cacert.pem

Step 2: Generate the Subject Hash

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

Rename the PEM file using the hash:

mv cacert.pem abcd1234.0

Step 3: Push the Certificate to Your Android Device

adb push abcd1234.0 /sdcard/

Step 4: Remount the System Partition

adb shell
su
mount -o rw,remount /system

Step 5: Move the Certificate to System CA Store

cp /sdcard/abcd1234.0 /system/etc/security/cacerts/

Step 6: Set Proper Permissions

chmod 644 /system/etc/security/cacerts/abcd1234.0
reboot

🎉 Done!

Now Android trusts your custom certificate at the system level. You should be able to intercept HTTPS traffic from most apps using tools like Burp Suite or Charles Proxy.

🔑 How SSL Certificate Trust Works on Android

  1. System Certificate Store
    When you install a certificate in /system/etc/security/cacerts/ (i.e., system CA store), Android treats it as trusted by the OS. So any app that relies on the system trust anchors (i.e., does not do pinning) will trust it automatically.

  2. User Certificate Store
    Certificates added via Settings → Security → Install from storage are added to the user CA store. Since Android 7 (Nougat), apps don’t trust user certificates by default unless explicitly configured with <networkSecurityConfig>.

âś… When SSL Pinning Does Work Properly

If an app:

  • Uses libraries like TrustKit, OkHttp with CertificatePinner, or native code with SSLContext pinning.

  • Pins the public key or certificate fingerprint explicitly.

  • Validates certs inside the code logic and does not rely on Android’s default trust manager...

... then your interception will fail, even with a system-installed cert. You'll see SSL handshake failures or connection timeouts.

]]><![CDATA[How to Fix "frida-ps: command not found" Error on [macOS]]]>https://www.vijithvellora.in/how-to-fix-frida-ps-command-not-found-error-on-macoshttps://www.vijithvellora.in/how-to-fix-frida-ps-command-not-found-error-on-macosWed, 12 Mar 2025 12:43:56 GMTIf you've recently installed Frida tools on your Mac and encountered the following error when running frida-ps -Ua:

-bash: frida-ps: command not found

Don't worry! This common issue occurs because the Frida tools are installed in a local Python directory that's not yet added to your system's PATH. Here's a quick step-by-step guide on how to fix it.

Step 1: Verify Frida Tools Installation

First, ensure that Frida tools are installed correctly. Run this command in your terminal:

pip3 install frida-tools

If you see output similar to this:

Requirement already satisfied: frida-tools in ./Library/Python/3.9/lib/python/site-packages (13.6.1)

This means Frida tools are already installed.

Step 2: Locate the Python User Scripts Directory

Next, find out where Python installed the scripts by running:

python3 -m site --user-base

You should see output like this:

/Users/your_username/Library/Python/3.9

The scripts (including frida-ps) are typically stored inside a bin folder under this directory:

/Users/your_username/Library/Python/3.9/bin

Step 3: Add the Directory to Your PATH

To make sure your system recognizes the frida-ps command, add this directory to your PATH environment variable.

Open your shell configuration file (~/.bash_profile, ~/.zshrc, or ~/.bashrc) and add this line at the end:

export PATH=$PATH:/Users/your_username/Library/Python/3.9/bin

Replace your_username with your actual Mac username.

Save and close the file.

Step 4: Reload Your Shell Configuration

To apply changes immediately, run:

source ~/.bash_profile  # or ~/.zshrc depending on your shell

Step 5: Verify That It Worked!

Now run this command again:

frida-ps -Ua

If everything worked correctly, you should now see a list of processes or applications without any errors!

Screenshots of the Error and Fix

Error Screenshot (Before Fix):

Mac:~ user$ frida-ps -Ua
-bash: frida-ps: command not found

Correct Output (After Fix):

Mac:~ user$ frida-ps -Ua
 PID  Name
----  -------------------------
1234  Safari
5678  Mail
...

That's it! You've successfully resolved the "frida-ps command not found" error on macOS.

]]>