Clever Geek Handbook

CharlesProxy SSL handshake error on Android Nougat

I am trying to proxy my Android 7.1.2 phone to see what it gets and messages generated through the app I am working with. Using CharlesProxy 4.1.4, this is easily possible for iOS devices. However, the app works differently on Android and we want to know how to do it.

I configured my device to connect to Charles by entering IP and Port, then navigate to chls.pro/ssl

to get the CA certificate. Even on chrome, the certificate is downloaded and installed without a glitch. I can see the calls coming to Charles, but I can’t see any call content. Instead, it is listed as <unknown>

indicating SSLHandshake: Received fatal alert: certificate_unknown

.

Is there any other way I can actually trust this certificate? Or is there another way to successfully allow SSL from Android? Again, all my settings work fine with iOS devices, so I don't need examples for that OS.

thank

+3


source to share


1 answer


As far as Android N is concerned, you need to add configuration to your application to make it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with applications that you control.

To configure your application to trust Charles, you need to add a network security configuration file to it. This file can override the system default, allowing your application to trust the user's installed CA certificates (for example, Charles Root Certificate). You can specify that this is only applicable in debug builds of your application, so production builds use the default trust profile.

Add res / xml / network_security_config.xml file to your application:

<network-security-config> 
<debug-overrides> 
    <trust-anchors> 
        <!-- Trust user added CAs while debuggable only -->
        <certificates src="user" /> 
    </trust-anchors> 
</debug-overrides>


Then add a link to this file in your application manifest like this:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

See https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/.

+3


source






More articles:


All Articles