Transcript for:
Android Emulator Setup and Traffic Interception

In this video, I'm going to show you how to install the Android Studio and then install multiple phones. But not only that, I'm going to show you how to root them. So, in this example, I've got Android 12, which is rooted. In the middle, I've got Android 13, and on the right, I've got Android 16. I've installed a bunch of phones in Android Studio, and I'm going to show you how to do that. But I'll also show you how to root them so that you have extra functionality, so that you can do other things that are possible with a rooted phone that are not possible with a phone that's not rooted.

Now, some people don't like this method where I install an application, but you could also use ADB to open up a shell to your device. So, I'm opening up a shell here. If I type pwd, notice where I am. ls shows me directories. This is not Windows. I am in the Android phone. And what I can do now is type su to get root privileges. So whoami shows that I am currently root. So if you've set up the Android emulator properly and rooted it properly, you'll be able to check root this way. Or you can do it using an application such as Root Checker.

Use the timestamps in the video to jump to the portion of the video that you're most interested in. I'm also going to show you some interesting options on how to intercept traffic using Burp Suite. So, how to, as an example, go to the settings of the Android phone, go to Wi-Fi and internet, and then use a proxy server to intercept traffic. So in this example I am going to set my proxy server to 1921 1681118. Port is going to be 8080, and I'll save that. That's because over here I have set this proxy server in Burp Suite. What that allows me to do is intercept traffic.

So if I open up an app such as McDonald's over here, that traffic is going to be intercepted by Burp Suite and I can see what's going on. So notice a whole bunch of traffic is sent. We've got traffic sent to Facebook, a whole bunch of tracking sites.
So what I'll do here is select all that traffic and forward it on. I'll close this and go to more as an example. Go to nutrition information. Notice a bunch of data is transmitted. Token information is sent. Forward that along. Let's go to burgers. As you can see here, country code is UK. A bunch of information is being captured here. I'll just forward all of these. I'll select Big Mac here for that traffic. And as you can see here, some nutrition information is displayed like 200% beef patties. If I go to HTTP history and look at the request and response, you can see 200% beef patties, a slice of cheese, lettuce, onion, and pickles, exactly as you see over here. So, I can intercept some traffic from this Android phone.

There are many reasons to root an Android phone, including an emulator like this. One of them could be penetration testing. You may want to try and reverse engineer an application. You may want to change options and just have more features on an Android phone.

Coursera has some of the best courses in the world. Two of my favorites are AI for Everyone by Andrew Ng and Python for Everybody by Dr. Chuck. But did you know that they also have cyber security courses from well-known companies such as Google, Microsoft, and IBM? Use my link below to register for the Google Cyber Security Professional Certificate. We're told that this gets us on the fast track to a career in cyber security. In this certificate program, you'll learn in-demand skills and get AI training from Google experts. Learn at your own pace. No degree or experience required. Microsoft Cyber Security Analyst Professional Certificate. Launch a career as a cyber security analyst. Build job-ready skills and must-have AI skills for an in-demand career and earn a credential from Microsoft. IBM Cyber Security Analyst Professional Certificate. Build job-ready skills and prep for the CompTIA Security+ exam with this program.
So if you're interested in becoming a security analyst, ethical hacker or cyber security engineer, Coursera's cyber security programs help learners gain hands-on experience (really important to get hands-on experience) with industry tools such as Splunk, which is now owned by Cisco, Microsoft Defender, and IBM QRadar. You'll learn critical security concepts like threat detection, incident response, and risk management. You'll also earn certificates from top companies and universities that are recognized by employers. Now, cyber security is one of the fastest growing fields with over 700,000 vacant positions in the US alone and millions more globally. Companies need people like you to help them protect themselves from hackers. So, launch your cyber security career today. Use my link below and start your journey with Coursera. I highly recommend Coursera. They have fantastic courses as I've mentioned. I've used them for many, many years and so has my team.

What I'm going to do once again is show you how to root an Android phone. I'll show you how to do basic interception like this. It doesn't work for all applications. You have to do more work if you have certificate pinning enabled on an application.

So, what I've got here is a new laptop that doesn't have Android Studio installed. I've moved the other laptop here. So, let's install Android Studio on this laptop and get our phones up and running as well as rooted. Now, before I install Android Studio, just be aware that you need at least 16 gig of RAM on your laptop to run this effectively. More RAM is better. So, rather have a laptop with more RAM. 16 or more is what we found works best.

So, first thing you need to do is go to developer.android.com/studio and then click download Android Studio. Now you have to agree to the terms and conditions. So read those and then click I have read and agree with the above terms and conditions and then click download to download Android Studio. Okay.
So once that's downloaded, open it up. I've actually previously downloaded it in preparation for this video. It's about 1.3 gig in size. So double click on the executable. Okay. We're asked, do we want to allow the app to make changes to this device? And the answer is yes. So now we can go through the Android Studio setup wizard. Very easy. I'm going to click next. I'm going to click next again. Next again, and click install. You could obviously change some of the options if you prefer to do that, but I'm going with the defaults.

Okay. So there you go. Installation has completed. I'll click next, and I'll start Android Studio by clicking finish. I'm not going to send statistics to Google. It starts downloading available SDKs. I'm going to click next to set up my environment. I'm going to go with the standard environment. I'm going to click next. Click next again to verify settings. I'm going to accept the license agreement and click finish. It now downloads various components. You can have a look at those details if you want to, but what we'll do at this point is speed up the video. You simply need to wait for the download to complete.

Okay, so there you go. Our Android virtual device was successfully created. I'll click finish. We are welcomed to the Android Studio, but I'm going to go to more actions here and click virtual device manager. And notice by default an Android 16 phone has been installed. Now you can add phones by going to plus, for example medium phone, clicking next and then selecting the version of Android that you want to run. In my previous example I showed you multiple versions of Android. So as an example I could select API 34, which is Android 14. Select this image and click finish to download that image. So, you would decide which images you want to download. By default, at the time of this recording, Android 16 is downloaded and installed, but in this example, I'm now downloading an older version of Android.
That allows you to run multiple phones and test different options with different phones. Okay, so API 34, Android 14 has been installed. So, I'll click finish here. As you can see, I've got two phones. I've got one with API 36 and one with API 34. So, let's start up the latest version of Android. That's Android 16. So, I'll click play. And as you can see there, the AVD is starting. Sometimes, in my experience, it goes off screen. So, I'll just move it here to get it in screen. So, here is my Android emulator. The phone that's starting up is Android 16. So, as you can see, the phone is booting up. And there you go. We've got an Android phone booted up. I will go to settings. So I'll scroll down and go to about emulated device. And as you can see there, we've got Android 16 installed on this phone.

Okay, so we've got the phone installed, but now we need to root it. Now to root the phone, we need rootAVD. But before I do that, let's check that the device is connected. So I'll go to C drive, Users, David, AppData, Local, Android, SDK, platform-tools, and in this directory I'm going to run PowerShell. So in here I'm going to run adb devices, and as you can see this emulator is currently attached. So that's good.

Now the next thing we need to do is we need to make sure that we have Git installed. So we can use this command to download and install Git. So I've opened up PowerShell in my downloads directory and I'll install Git using winget.

Okay, so the software is now installed. The next step is to download rootAVD. You can find this project on gitlab.com. As always, just a warning again. You are installing software like this at your own risk. So, don't just download this unless you've verified that you're happy to use it. I'm happy to do that. So, I'm going to clone that and install it. So, in my rootAVD directory, I'm going to use the command rootAVD ListAllAVDs. Now, in this example, I'm seeing Android 36 and Android 34.
I only have those two phones installed, but you may have other phones installed. So, older versions of Android. So, you need to choose the right one for the version of Android that you're going to be rooting. So, I'm going to root this phone, which is Android 36. That's the one currently running. So, I'm going to use the command root 36. So, I'm going to copy that and run it. So dot slash the command rootAVD.bat and the image that needs to be rooted. So what should happen if everything goes successfully is it should root the phone and then the emulator should reboot. So you can see Magisk is being installed. Various changes are being made to the Android emulator.

Okay. So we're told trying to shut down the AVD. If that doesn't happen, do it manually. But mine just shut down. So on my Android 16 device, I'm going to click play to start it up again. So the AVD is starting. Phone is booting up now. Okay. So what we need to do now, really important step, is to go to Magisk and open it up. And we're told that this requires additional setup. So I'm going to click okay. This will make a change and then restart the AVD if you like, or the Android device. The AVD is rebooting. Okay. So hopefully it's now rooted.

Okay. So what we can do to check whether we have root is, as an example, go to C, Users, your username, in my case David, AppData, Local, Android, SDK, platform-tools, and check if the device is connected. As you can see it is, and then we can open up a shell. So as you can see we have a shell open now. So if I type pwd you can see where we are. We're in the root directory. There's our various files. whoami shows that I am shell. But what we can do now is use su to become root. So if I type whoami, I am root.

Now another option is to simply use the Root Checker app which I've demonstrated previously. I need to log into the Play Store to download that and use it.
So you need to log into the Play Store and then what I'm going to do is search for Root Checker and I'm going to download that software. 50 million downloads of this software at the time of this recording. So, lots of people have used this. So, I'll click open. I want to allow it to send notifications. Consent. I'm going to manage my options here and uncheck a bunch of so-called legitimate interests. Click confirm choices. Agree. And then select Verify Root. So again, you might not want to use this software, but I'm going to give it the right to check. And as you can see there, root access is properly installed on this device, Android 16. So this brand new Android emulator is installed and is also rooted.

Okay, so there you go. I've now shown you how to install Android Studio. I've shown you how to download various virtual devices or virtual phones or AVDs and I've shown you how to root it. What I'm going to show you now is just a little bit extra. I've gone to PortSwigger and I'm going to download the community edition of Burp Suite, which allows me to intercept traffic using a proxy server and do a whole bunch of other things. I'm going to go straight to downloads and download the community edition for Windows 64-bit. As you can see there, it's busy downloading. So, now that it's downloaded, I'll double click on the executable. Now, we're told that I've already got this installed. Do I want to update it? And I'm going to say yes. In your example, you would simply install a new version of Burp Suite.

Okay. So, installation has finished. And what I can do now is run Burp Suite. Because this is the community edition, I can't save anything. So, I'm going to simply start it up. And I'm going to go to proxy, proxy settings. Click add. I'm going to bind it to a specific IP address. 192.1683. Port 8080 is what I'll use. And I'll save those settings. So, Burp Suite on the left now.
Now, before I turn interception on the Android phone, I need to go to the Burp Suite server and download a certificate. So, I'm going to go to 192.168.1.183, port 8080. Again, that is the IP address that we configured in Burp. I'm going to click CA certificate and I'm going to download the certificate. I'm going to keep it even though I'm warned about it. Now, you can't install it this way. We have to go through settings. So, the certificate is not installed. So, that's fine.

So, I'm going to go to my settings. I'm going to go to security and privacy on this version of Android. I'm going to go to more security and privacy settings. And I'm going to go to encryption and credentials. Install a certificate. It's going to be a CA certificate. I'm going to install it anyway, even though I'm warned that the problem here is someone could read my information. I'll select the certificate and notice it's now installed. So if I go back to trusted certificates, user certificates, you can see that that cert is now installed.

So what I can do now is set up my Android phone to use that proxy server. So I'll go to network and internet. Look at my Wi-Fi network. Click on this little pencil here. Go to advanced options. I'm going to set a proxy to manual. So the proxy here is 192.168.1.183, port is 8080. You need to type that out even though it shows that information, and click save. So hopefully now if I go to a website such as davidbombal.com we'll be capturing information. But what I'll do is turn intercept on and let's try that again. So google.com. There you go. Something has been captured now.

So what I have found is sometimes it takes a while or there are problems and you might have to do the process again. So sometimes it doesn't work perfectly. You might have to shut the virtual machine down and start it up again. So I'll start it up again. And what I'll do as well is start up Burp in case there's a problem there.
If you do start this again with a community edition, you need to put in the information once again because it gets lost. So, under proxy, proxy settings, add specific IP address 192.168.1.183, port 8080. Click okay. And I'm going to turn interception on. So, I'll open up a browser. And as you can see there, stuff's happening. So, I'll forward the traffic. Let's go to google.com again. As you can see, there's a GET for Google. For that, a bunch of other requests are being made. So, we've got a bunch of stuff going to Google. I'll forward it all for this all. And as you can see, a lot of traffic is sent to various places just when you navigate to google.com.

So, let's go to another website like kali.org. As you can see, a bunch of stuff sent here, but there at the bottom is kali.org. I'll forward all of that. Forward that. And notice the website displays. I'll do a search for, let's say, Android on Google. So Android Studio. As you can see, a huge amount of stuff is being sent to Google when we just do a simple search like that. But eventually we see something like this. And if I click Android Studio, notice there developer.android.com/studio. I'll forward all of that. Even more data sent. But there you go. We can see the Android Studio show up. So if I turn off interception and go to HTTP history and scroll all the way down, notice a lot of traffic sent and received. So request and response traffic from the phone.

Okay, so I've shown you in this video how to download Android Studio, how to download various phones or AVDs, how to root them, and I've shown you some additional stuff such as Burp Suite and interception of traffic using certificates. In subsequent videos, I'll show you more options specifically with certificates and interception of traffic to bypass certificate pinning, but this video is long enough, so we'll cover that in a separate video. I'm David Bombal. Want to wish you all the very