stackoom
  简体   繁体   中英

Charles Proxy + Android HTTPS

 原文  2017-04-30 02:06:57       android/ security/ ssl/ https/ charles-proxy

Question

So here are some similar but outdated answers that might have helped me few years/months ago:

Why can't I see http or https traffic from Chrome Browser for Android on Charles Proxy?

How to get charles proxy work with Android 7 nougat?

I followed all of the instructions, I can read http requests fine, but not https requests. Still can't figure what I am doing wrong. There isn't much of my own to post since I have just followed the above guides.

I think the main issue is how do I force the app I am trying to debug to use my certificate? The manifest modifications don't seem to do the trick.

3 answers

solution1
 0 ACCPTED  2017-06-06 23:56:56

See this question which has updated answers for Charles 4 and Android 7.

  • You must install the cert from Charles help menu, and you must use Settings -> Security -> Install from storage on device.

  • Your app needs a network_security_config.xml

  • You must use a debuggable app

solution2
 0  2021-04-01 07:28:43

For those who look for more recent Android Release (8,9,10 or ++) + CharlesProxy 4.6

Can refer this guidethrough ...

solution3
 0  2021-04-06 08:40:13

From Android N+, it requires extra steps to make it works.

1.Add res/xml/network_security_config.xml to your project. 

<network-security-config>
<debug-overrides>
    <trust-anchors>
        <!-- Trust user added CAs while debuggable only -->
        <certificates src="user" />
        <certificates src="system" />
    </trust-anchors>
</debug-overrides>

<base-config cleartextTrafficPermitted="true">
    <trust-anchors>
        <certificates src="system" />
    </trust-anchors>
</base-config>

<domain-config>
    <!-- Make sure your URL Server here -->
    <domain includeSubdomains="true">your_production_domain</domain>
    <trust-anchors>
        <certificates src="user"/>
        <certificates src="system"/>
    </trust-anchors>
</domain-config>

=> Make sure you replace your_production_domain with the domain that you would intercept

2.Add to AndroidManifest.xml 

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
    ...
    </application>
</manifest>

If you could not make it works, you can check out the sample code , which has all configuration.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to view HTTPS requests in Charles Proxy with Android How to analyze https traffic from Android 6 emulator with Charles Proxy Charles Proxy with Genymotion: monitoring https -> unreadable response Not able to run HTTPS content with Charles proxy on android emulator , even after installing certificate Charles Proxy not working for Android version above 7.0? How to get charles proxy work with Android 7 nougat? Charles proxy in non debuggable flavour of Android app How to setup Android Lollipop emulator with Charles Proxy? Android emulator is not able to trust Charles proxy certificate Charles Proxy blocking SSL traffic on Android
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM