 

Charles SSL Proxy works for Chrome but not for the apps

I'm using a Nexus 5X device running Android 7. I failed to set up the proxy using the recent instructions from the Charles Proxy documentation. I installed the certificate, but wifi settings or Nougat are extended. I can set Charles as a certificate but that won't let me connect to that wifi (authentication problem). So I leave it as "don't check correctness". I don't even know if that's relevant.

The thing is, when I try to sniff on my app's HTTPS calls I see SSLHandshake: Received fatal alert: certificate_unknown. However, if I run a web client using Chrome on the same device, I can read calls to the same API.

The bottom line is it works for a browser but not for my app. I checked on other apps as well. Same output.

The reason I ask here is because maybe I have to add some unsafe client to my Retrofit API setup - hopefully not.

Jacek Kwiecień asked Oct 05 '16 08:10


1 Answer

Here is how you need to configure your APK in order to make CharlesProxy work in Android 7.

Android

As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.

In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

<network-security-config> 
  <debug-overrides> 
    <trust-anchors> 
      <!-- Trust user added CAs while debuggable only -->
      <certificates src="user" /> 
    </trust-anchors> 
  </debug-overrides> 
</network-security-config>

Then add a reference to this file in your app's manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

Here you can find more details:

https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

leMexican answered Sep 19 '22 13:09