9

I am trying to proxy my phone running Android 7.1.2, to look at the GETs and POSTs made through an app I'm working with. Using CharlesProxy 4.1.4, this is easily possible for iOS devices. However, the app functions differently on Android, and we want to know how.

I have configured my device to connect to Charles by entering the IP and port, followed by navigating to chls.pro/ssl to get the CA certificate. Even on Chrome, the certificate downloaded and installed without fault. I can see calls coming into Charles, but I cannot see any content of the call. Instead, it is listed as <unknown> stating SSLHandshake: Received fatal alert: certificate_unknown.

Is there another way I can actually trust this certificate? Or is there another way to successfully allow SSL with Android? Again, all of my settings work fine with iOS devices, so I do not need examples for that OS.

Thanks

tbw875
  • Do people just read through new questions trying to poke holes in it? Seems to be run of the mill here... I am not working with any code. I am trying to see calls made for a publicly accessible app that my company works with, but does not have control over. – tbw875 Jul 13 '17 at 14:35
  • "I am not working with any code" -- then your question is off-topic, as Stack Overflow is for programming questions. – CommonsWare Jul 13 '17 at 14:37
  • Did you install the SSL certificate for Wi-Fi, for apps or for both? I often have the same issue, not always knowing where it comes from. It sometimes works the first time, sometimes not... – SeikoTheWiz Aug 21 '17 at 09:08

1 Answer

22

As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.

In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

Then add a reference to this file in your app's manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

Refer to: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

mfb
Bird Bird
  • So if we want to sniff traffic for another app, we have to use an Android version before N? – User Sep 27 '18 at 20:15
  • Yes... That's what I did – Bird Bird Nov 15 '18 at 06:09
  • Isn't there any easier way to allow the apps to use the certificate? It's a bit of a hassle to add the xml file to all of them. – MACC Oct 11 '19 at 12:02
  • What's the easiest way to add the xml to the app? Should I download the APK locally, edit it with Eclipse and change the xml file inside and then install it on the Android device? Also, what to do when the app already has a network_security_config.xml with info inside, should I just replace it? – MACC Oct 11 '19 at 12:20
  • Shouldn't it also include `` ? But then the IDE warns against it. Any way to set it only for debug here? – android developer Apr 13 '21 at 16:01
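The answer's config keeps the user-CA anchor inside <debug-overrides>, which Android only honours when the build is debuggable; the risk when merging with an existing network_security_config.xml (as the comments above ask about) is ending up with src="user" in <base-config> or a <domain-config>, where release builds would also trust any user-installed root. The following checker is an added example, not code from the Charles documentation or the answer; the two embedded configs are constructed samples (the first mirrors the answer's file).

```python
import xml.etree.ElementTree as ET

# Constructed sample 1: the answer's debug-only config (user CAs trusted only
# when the build is debuggable).
DEBUG_ONLY_CONFIG = """<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""

# Constructed sample 2: a risky merge where the user anchor landed in
# <base-config>, so release builds trust user-installed roots too, and
# cleartext HTTP is allowed as well.
RELEASE_TRUSTS_USER_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""


def audit_network_security_config(xml_text):
    """Return a list of findings for a network_security_config.xml document.

    Everything outside <debug-overrides> applies to release builds, so a
    src="user" anchor there means production accepts user-installed CAs,
    and cleartextTrafficPermitted="true" there allows plain HTTP.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for section in root:  # base-config, domain-config, debug-overrides
        if section.tag == "debug-overrides":
            continue  # only honoured when android:debuggable="true"
        for cert in section.iter("certificates"):
            if cert.get("src") == "user":
                findings.append(
                    f"{section.tag}: trusts user-installed CAs in release builds")
        for elem in section.iter():  # nested <domain-config> may set it too
            if elem.get("cleartextTrafficPermitted") == "true":
                findings.append(f"{elem.tag}: cleartext traffic permitted")
    return findings
```

Running it against a real file (`audit_network_security_config(open(path).read())`) before a release build is a quick way to confirm that the proxy-trust change never left the debug-only block.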