[英]Unable to view HTTPS requests in Charles Proxy with Android
I am trying to debug an app on the Google Playstore so that I can see the requests that it is sending out.我正在尝试在 Google Playstore 上调试一个应用程序,以便我可以看到它发出的请求。 I've set up Charles Proxy on my computer to help me do so, but I am having issues with viewing requests sent out with https.
我已经在我的计算机上设置了Charles Proxy来帮助我这样做,但是我在查看使用 https 发送的请求时遇到了问题。 My steps are listed below.
我的步骤如下。
My Computer:我的电脑:
Manjaro Linux Manjaro Linux
My Phone:我的手机:
Google Pixel 4a谷歌像素 4a
Android 11 Android 11
Not rooted未扎根
My Settings:我的设置:
Using Charles v4.6.1使用查尔斯 v4.6.1
Proxy Settings代理设置
SSL Proxying Settings SSL 代理设置
My Access Control Setting's contain my phone's IP.我的访问控制设置包含我手机的 IP。
My Phone Settings:我的手机设置:
Proxy Settings代理设置
Certificate证书
Here are my steps to allow the app use SSL through charles:以下是我允许应用通过 charles 使用 SSL 的步骤:
<network-security-config>
inside the network security xml.<network-security-config>
内添加以下行。<debug-overrides>
<trust-anchors>
<certificates src="user"/>
</trust-anchors>
</debug-overrides>
I do not get any errors at any step though this list.通过此列表,我在任何步骤都没有收到任何错误。
Here is a screenshot of my view in Charles .这是我在 Charles 中的视图的屏幕截图。
Thank you in advance, and please let me know if you need any more details.提前谢谢您,如果您需要更多详细信息,请告诉我。
Your network config there is within <debug-overrides>
, which only applies for debug builds.您的网络配置在
<debug-overrides>
中,仅适用于调试版本。 Did you build the application in debug mode, or for production?您是在调试模式下构建应用程序,还是在生产环境中构建应用程序? If you don't build in debug mode then that config won't apply.
如果您不在调试模式下构建,则该配置将不适用。
You probably want to use <base-config>
instead, which applies to all builds, not just debug builds.您可能想改用
<base-config>
,它适用于所有构建,而不仅仅是调试构建。 There's a full example here: https://httptoolkit.tech/docs/guides/android/#if-you-dont-have-a-custom-network-security-config .这里有一个完整的例子: https://httptoolkit.tech/docs/guides/android/#if-you-dont-have-a-custom-network-security-config 。
If that doesn't work, then it's likely that there's some certificate pinning in place in the application code itself, independent of the network security settings.如果这不起作用,那么很可能在应用程序代码本身中存在一些证书固定,与网络安全设置无关。 To fix that you'll need to manually edit the code itself.
要解决这个问题,您需要手动编辑代码本身。 You can also try using https://github.com/shroudedcode/apk-mitm which has a selection of automated patches that disable many common manual pinning implementations for you.
您还可以尝试使用https://github.com/shroudedcode/apk-mitm ,它有一系列自动补丁可以为您禁用许多常见的手动固定实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.