I am trying to proxy my phone, running Android 7.1.2, to look at the GETs and POSTs made through an app I'm working with. Using CharlesProxy 4.1.4, this is easily possible for iOS devices. However, the app functions differently on Android, and we want to know how.
I have configured my device to connect to Charles by entering the IP and port, followed by navigating to chls.pro/ssl to get the CA certificate. Even on Chrome, the certificate downloaded and installed without fault. I can see calls coming into Charles, but I cannot see any content of the call. Instead, it is listed as <unknown> stating SSLHandshake: Received fatal alert: certificate_unknown.
Is there another way I can actually trust this certificate? Or is there another way to successfully allow SSL with Android? Again, all of my settings work fine with iOS devices, so I do not need examples for that OS.
Thanks
As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.
In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.
Add a file res/xml/network_security_config.xml to your app:
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
Then add a reference to this file in your app's manifest, as follows:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>
Refer to: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
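
The answer's point that user-installed CAs should be trusted only in debug builds can be checked mechanically before a release. The Python sketch below is an added example, not part of the original answer or of Charles or Android tooling; the function names and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the debug-only form recommended in the answer above.
DEBUG_ONLY = """<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""

# Constructed sample: user CAs trusted outside debug-overrides, so release
# builds would also accept a proxy's root certificate.
LEAKY = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </domain-config>
</network-security-config>"""

def user_ca_scopes(xml_text):
    """List every config scope whose trust anchors include user-installed CAs."""
    root = ET.fromstring(xml_text)
    if root.tag != "network-security-config":
        raise ValueError("not a network security config: <%s>" % root.tag)
    found = []
    def walk(node, scope):
        for child in node:
            if child.tag in ("base-config", "debug-overrides"):
                walk(child, child.tag)
            elif child.tag == "domain-config":  # domain-config may be nested
                names = [d.text.strip() for d in child.findall("domain") if d.text]
                walk(child, "domain-config[%s]" % ",".join(names))
            elif child.tag == "trust-anchors":
                if any(c.get("src") == "user" for c in child.findall("certificates")):
                    found.append(scope)
    walk(root, "root")
    return found

def release_scopes_trusting_user_cas(xml_text):
    """Scopes that stay active in non-debuggable builds; should be empty."""
    return [s for s in user_ca_scopes(xml_text) if s != "debug-overrides"]
```

Run `release_scopes_trusting_user_cas` over `res/xml/network_security_config.xml` in CI and fail the build if the returned list is not empty.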