Setting Up an Android Device for Root Access and HTTPS Traffic Interception via Burp Suite

Enabling Developer Options and USB Debugging

First, enable developer mode and allow USB debugging:

1. Go to Settings → About phone → tap MIUI version 5 times
2. Then open Settings → Additional settings → Developer options and enable:
• USB debugging
• Install via USB

Bootloader Unlocking

The longest step is unlocking the bootloader — it's mandatory to get root access.

1. Go to Settings → Additional settings → Developer options → Mi Unlock status
2. Link your Mi account, insert a SIM card, and enable mobile data
3. After successful binding, download the official Xiaomi Unlock Tool and log in
4. Click Unlock

If everything is correctly configured, a message will appear saying that you need to wait 168 hours (7 days).

After 168 hours, re-run the unlock tool and proceed with unlocking.

Installing Magisk and Gaining Root Access

After unlocking the bootloader:

1. Download Magisk (.apk) directly on the device and install it
2. Open Magisk — if Superuser and Modules sections are inactive, you don't have root yet

Patching boot.img with Magisk

1. Go to Settings → About phone and note your full MIUI version (e.g., 12.5.6.0 RCDMIXM)
2. Visit Official HyperOS & MIUI ROM Download: latest version for Xiaomi, Mi, Redmi, POCO and search for your ROM version
3. Download the Fastboot version of the firmware
4. From the extracted firmware, copy the file images/boot.img to your device’s internal storage
5. In Magisk → Install, check Patch a boot image file, and select boot.img
6. The patched file will appear as magisk_patched-*.img in the Download folder
7. Copy it from the device to your PC

Flashing the Patched Boot Image

1. Extract both the firmware and the patched boot.img into the root of C:\
2. You may also include the original boot.img in case you need to restore it later
3. Reboot the phone into Fastboot mode:
• Using ADB:
  

  adb reboot bootloader

• Or manually: power off the phone, then hold Power + Volume Down
4. Launch the Boot_Installer script:
• Choose 1 to flash magisk_patched.img
• Optional: 2 to restore the stock boot.img)

After that, the device will reboot automatically.

Verifying Root Access

1. Open Magisk, go to settings (gear icon), enable Zygisk, and reboot
2. In Magisk → Superuser, grant root access to the shell
3. Connect the device to your PC and run:



adb shell
su
id
> uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0

Adding Burp's Certificate

1. Convert the Burp certificate to the Android format:

openssl x509 -inform DER -in burp_cert.der -out burp_cert.pem
openssl x509 -inform PEM -subject_hash_old -in burp_cert.pem | head -1

Suppose the resulting hash is 1a2b3c4d, rename the file:

mv burp_cert.pem 1a2b3c4d.0

2. Copy the certificate to the device and add it to the trusted store:

adb push 1a2b3c4d.0 /sdcard/
adb shell
su
mkdir -m 700 /data/certs
cp /system/etc/security/cacerts/* /data/certs/
mount -t tmpfs tmpfs /system/etc/security/cacerts
mv /sdcard/1a2b3c4d.0 /system/etc/security/cacerts/
mv /data/certs/* /system/etc/security/cacerts/
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/1a2b3c4d.0
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*

Capturing Traffic with Burp

On your Android device, go to Wi-Fi settings, enable manual proxy, and enter the local IP address of your computer with port 8080.

In Burp Suite, set the proxy to listen on all interfaces.

If the certificate is installed properly and Magisk is working — you'll begin seeing full HTTPS traffic from your device inside Burp.