nuts7
diff --git a/‎SUMMARY.md
+2-2 b/‎SUMMARY.md
+2-2
diff --git a/‎mobile-pentesting/android-app-pentesting/README.md
+1-1 b/‎mobile-pentesting/android-app-pentesting/README.md
+1-1
diff --git a/‎mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
-109 b/‎mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
-109
diff --git a/‎mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
+5-51 b/‎mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
+5-51
@@ -287,19 +287,19 @@
   * [ADB Commands](mobile-pentesting/android-app-pentesting/adb-commands.md)
   * [APK decompilers](mobile-pentesting/android-app-pentesting/apk-decompilers.md)
   * [AVD - Android Virtual Device](mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md)
-  * [Burp Suite Configuration for Android](mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md)
   * [Bypass Biometric Authentication (Android)](mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md)
   * [content:// protocol](mobile-pentesting/android-app-pentesting/content-protocol.md)
   * [Drozer Tutorial](mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md)
     * [Exploiting Content Providers](mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md)
-  * [Exploiting a debuggeable applciation](mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md)
+  * [Exploiting a debuggeable application](mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md)
   * [Frida Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/README.md)
     * [Frida Tutorial 1](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md)
     * [Frida Tutorial 2](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md)
     * [Frida Tutorial 3](mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md)
     * [Objection Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md)
   * [Google CTF 2018 - Shall We Play a Game?](mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md)
   * [Inspeckage Tutorial](mobile-pentesting/android-app-pentesting/inspeckage-tutorial.md)
+  * [Install Burp Certificate](mobile-pentesting/android-app-pentesting/install-burp-certificate.md)
   * [Intent Injection](mobile-pentesting/android-app-pentesting/intent-injection.md)
   * [Make APK Accept CA Certificate](mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md)
   * [Manual DeObfuscation](mobile-pentesting/android-app-pentesting/manual-deobfuscation.md)
 
@@ -454,7 +454,7 @@ It's recommended to **apply SSL Pinning** for the sites where sensitive informat
 ### Inspecting HTTP traffic
 
 First of all, you should (must) **install the certificate** of the **proxy** tool that you are going to use, probably Burp. If you don't install the CA certificate of the proxy tool, you probably aren't going to see the encrypted traffic in the proxy.\
-**Please,** [**read this guide to learn how to do install a custom CA certificate**](android-burp-suite-settings.md)**.**
+**Please,** [**read this guide to learn how to do install a custom CA certificate**](avd-android-virtual-device.md#install-burp-certificate-on-a-virtual-machine)**.**
 
 For applications targeting **API Level 24+ it isn't enough to install the Burp CA** certificate in the device. To bypass this new protection you need to modify the Network Security Config file. So, you could modify this file to authorise your CA certificate or you can [**read this page for a tutorial on how to force the application to accept again all the installed certificate sin the device**](make-apk-accept-ca-certificate.md).
 
 
@@ -230,59 +230,13 @@ adbd cannot run as root in production builds
 
 Using [rootAVD](https://github.com/newbit1/rootAVD) with [Magisk](https://github.com/topjohnwu/Magisk) I was able to root it (follow for example [**this video**](https://www.youtube.com/watch?v=Wk0ixxmkzAI) **or** [**this one**](https://www.youtube.com/watch?v=qQicUW0svB8)).
 
-## Install Burp certificate on a Virtual Machine
+## Install Burp Certificate
 
-First of all you need to download the Der certificate from Burp. You can do this in _**Proxy**_ --> _**Options**_ --> _**Import / Export CA certificate**_
+Check the following page to learn how to install a custom CA cert:
 
-![](<../../.gitbook/assets/image (367).png>)
-
-**Export the certificate in Der format** and lets **transform** it to a form that **Android** is going to be able to **understand.** Note that **in order to configure the burp certificate on the Android machine in AVD** you need to **run** this machine **with** the **`-writable-system`** option.\
-For example you can run it like:
-
-{% code overflow="wrap" %}
-```bash
-C:\Users\<UserName>\AppData\Local\Android\Sdk\tools\emulator.exe -avd "AVD9" -http-proxy 192.168.1.12:8080 -writable-system
-```
-{% endcode %}
-
-Then, to **configure burps certificate do**:
-
-{% code overflow="wrap" %}
-```bash
-openssl x509 -inform DER -in burp_cacert.der -out burp_cacert.pem
-CERTHASHNAME="`openssl x509 -inform PEM -subject_hash_old -in burp_cacert.pem | head -1`.0"
-mv burp_cacert.pem $CERTHASHNAME #Correct name
-adb root && sleep 2 && adb remount #Allow to write on /syste
-adb push $CERTHASHNAME /sdcard/ #Upload certificate
-adb shell mv /sdcard/$CERTHASHNAME /system/etc/security/cacerts/ #Move to correct location
-adb shell chmod 644 /system/etc/security/cacerts/$CERTHASHNAME #Assign privileges
-adb reboot #Now, reboot the machine
-```
-{% endcode %}
-
-Once the **machine finish rebooting** the burp certificate will be in use by it!
-
-## Install Burp Certificate with Magisc
-
-If you **rooted your device with Magisc** (maybe an emulator), and you **can't follow** the previous **steps** to install the Burp cert because the **filesystem is read-only** and you cannot remount it writable, there is another way.
-
-Explained in [**this video**](https://www.youtube.com/watch?v=qQicUW0svB8) you need to:
-
-1. **Install a CA certificate**: Just **drag\&drop** the DER Burp certificate **changing the extension** to `.crt` in the mobile so it's stored in the Downloads folder and go to `Install a certificate` -> `CA certificate`
-
-<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" width="164"><figcaption></figcaption></figure>
-
-* Check that the certificate was correctly stored going to `Trusted credentials` -> `USER`
-
-<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt="" width="334"><figcaption></figcaption></figure>
-
-2. **Make it System trusted**: Download the Magisc module [MagiskTrustUserCerts](https://github.com/NVISOsecurity/MagiskTrustUserCerts) (a .zip file), **drag\&drop it** in the phone, go to the **Magics app** in the phone to the **`Modules`** section, click on **`Install from storage`**, select the `.zip` module and once installed **reboot** the phone:
-
-<figure><img src="../../.gitbook/assets/image (2) (1) (1) (1).png" alt="" width="345"><figcaption></figcaption></figure>
-
-* After rebooting, go to `Trusted credentials` -> `SYSTEM` and check the Postswigger cert is there
-
-<figure><img src="../../.gitbook/assets/image (3) (1) (1) (1).png" alt="" width="314"><figcaption></figcaption></figure>
+{% content-ref url="install-burp-certificate.md" %}
+[install-burp-certificate.md](install-burp-certificate.md)
+{% endcontent-ref %}
 
 ## Nice AVD Options