Charles SSL Proxy works for chrome but not for the apps

Question

I'm using Nexus 5X device running Android 7. I failed to setup the proxy using the recent instructions from Charles Proxy documentation. I installed certificate, but wifi settings or nugat are extended. I can set charles as a certificate but that won't let me connect to that wifi (authentication problem). So I leave it as "don't check correctness". I don't even know if that's relevant.

The thing is when I try to sniff on my app https calls I see SSLHandshake: Received fatal alert: certificate_unknown However if I run a web client using chrome on the same device - I can read calls to the same api.

The bottom line is it works for a browser but not for my app. I checked on other apps aswell. Same output.

The reason I ask here is because maybe I have to add some unsafe client to my retrofit api setup - hopefully not.

I'm getting the same issue - did you manage to find a solution? — kassim, Dec 03 '16 at 16:58

score 3 · Answer 1 · answered Jul 27 '17 at 17:03

Here is how you need to configure you apk in order to make CharlesProxy work in Android 7.

Android

As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.

In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

<network-security-config> 
  <debug-overrides> 
    <trust-anchors> 
      <!-- Trust user added CAs while debuggable only -->
      <certificates src="user" /> 
    </trust-anchors> 
  </debug-overrides> 
</network-security-config>

Then add a reference to this file in your app's manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <applicationandroid:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

Here you can find more details:

https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

After making above changes, it will may give you error of as no attribute as "networksecurityconfig", that will be solved by - setting your compileSdkVersion to 24 or higher and set your buildToolsVersion to 24.0.0 or higher. — Sidharth Taneja, Jun 04 '18 at 13:00
I can't change the apk source code. So is there any solution ? — Plugie, Jul 15 '18 at 03:00

Alexander Köhn · Answer 2 · 2017-04-26T05:53:38.503

-1

In Charles, select Help -> SSL Proxying -> Install Charles Root Certificates in IOS Simulators, close the iOS Simulator and restart the simulator. It should work now.

edited Apr 26 '17 at 05:53

answered Dec 29 '16 at 21:03

Alexander Köhn

89
4

Charles SSL Proxy works for chrome but not for the apps

2 Answers2