Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CharlesProxy SSL Handshake failure on Android Nougat

Tags:

certificate

ssl-certificate

android-7.1-nougat

charles-proxy

I am trying to proxy my phone running Android 7.1.2, to look at the gets and posts made through an app I'm working with. Using CharlesProxy 4.1.4, this is easily possible for iOS devices. However, the app functions differently on Android, and we want to know how.

I have configured my device to connect to Charles by entering the IP and Port, followed by navigating to chls.pro/ssl to get the CA certificate. Even on chrome, the certificate downloaded and installed without fault. I can see calls coming into Charles, but I cannot see any content of the call. Instead, it is listed as <unknown> stating SSLHandshake: Received fatal alert: certificate_unknown.

Is there another way I can actually trust this certificate? Or is there another way to successfully allow SSL with Android? Again, all of my settings work fine with iOS devices, so I do not need examples for that OS.

Thanks

like image 373
twalrus Avatar asked Jul 10 '17 21:07

twalrus

1 Answers

As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.

In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

<network-security-config> 
    <debug-overrides> 
        <trust-anchors> 
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" /> 
        </trust-anchors> 
    </debug-overrides> 
</network-security-config>

Then add a reference to this file in your app's manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

Refer to: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

like image 176
Bird Bird Avatar answered Oct 16 '22 06:10

Bird Bird
Sign in to Comment

Related questions

FtpWebRequest "The remote certificate is invalid according to the validation procedure"
SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists - How to bound certificate to ipport?
What happens if I have expired additional certificate in the chain with alternate trust path?
Identifying whether a certificate is der encoded or base 64 encoded
Python Requests: .pem -> .crt + key
Change Signing Certificate in Xcode 8 Beta 2
Why is this X.509 certificate considered invalid?
Tool for Viewing X.509 Certificates?
Certificate problem with a new machine - credentials supplied to package not recognized
Can I modify a private key validity?
How to validate X509 certificate?
Self signed certificate in production
Signing .exe with .cer file (what is my certificate's name that signtool.exe is asking for?)
How to force Apache 2.2 to send the full certificate chain?
New-SelfSignedCertificate on Win2012 r2 has less parameters
Can I convert p8 APNs Auth Key to pem file?
How do I use a local HTTPS URL in java?
Invalid Common Name when using a SAN certificate
App Store upload rejected by push entitlements problem
Is there a command line utility to extract the certificate thumbprint?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!