在使用charles抓HTTPS包的时候,需要安装证书才能生效,但是我按照教程仔细又仔细的安装好证书后,依然不可用,用尽各种办法依然是徒劳。最后跑到官网下看了一下,发现如下信息,原来android N以后,android就默认不支持抓HTTPS包了。附如下原文:
Android
As of Android N, you need to add configuration to your
app in order to have it trust the SSL certificates generated by Charles SSL
Proxying. This means that you can only use SSL Proxying with apps that you
control.
In order to configure your app to trust
Charles, you need to add a Network Security Configuration File to your app. This file can
override the system default, enabling your app to trust user installed CA
certificates (e.g. the Charles Root Certificate). You can specify that this
only applies in debug builds of your application, so that production builds use
the default trust profile.
Add a file res/xml/network_security_config.xml to
your app:
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only-->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Then add a reference to this file in your app's
manifest, as follows:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config" ... >...
</application>
</manifest>
翻译:
从android N以后(应用targetSdkVersion
>= 24时生效,如果targetSdkVersion <
24即使系统是7.0+依然会信任),你需要给自己的app添加配置来信任charles的SSL代理,这意味着你只能使用SSL代理在你自己能控制的app上。
为了能够配置你的app信任Charles,你需要为你的app添加一个网络安全配置文件。这个文件将会重写系统的默认设置,使你的app可以信任用户自己安装的CA证书。你可以指定只在debug模式下应用这个配置,这样正式版本将会依然采用系统默认的配置,无法进行抓包。
在你的app工程里添加一个res/xml/network_security_config.xml文件:
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only-->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
在Manifest中添加一个该文件的引用,如下:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config" ... >...
</application>
</manifest>
如果是root用户的话,可以将CA安装到系统证书中,然后就可以在任意app上抓取HTTPS的包了。
网友评论