Unlock flashing capabilities on the phone:

adb reboot bootloader
fastboot flashing unlock

Confirm unlock when prompted and boot.

Install latest Magisk apk (https://magiskmanager.com/downloading-magisk-manager):

adb install magisk.apk

Download matching Settings > About > Build number image (RQ1A.201205.008 or similar) from https://developers.google.com/android/images#sunfish

Extract boot.img from zip within zip and push it:

adb push boot.img /sdcard/Download/boot.img

Use magisk to patch boot.img and download it from the phone:

adb pull /sdcard/Download/magisk-modified-boot.img

Reboot back into fastboot:

adb reboot fastboot

Flash boot with magisk modified magisk-modified-boot.img:

fastboot flash boot /path/to/magisk-modified-boot.img
fastboot reboot

Verify that you have root on the device:

adb shell
sunfish:$ su
sunfish:/ # id
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
sunfish:/ #

Install Magisk module Move Certificates and reboot the phone.

Add burp.der to USER certificates, which will be auto copied to SYSTEM certificates

adb push burp.der /sdcard/Download/burp.cer

And we’re in business!

You should be able to intercept all system communication using Burp.