When the app makes a data request, if it prints the log every time to judge that it is a very "humane" operation behavior, it is generally analyzed by capturing packets.
For the most commonly used software Fiddler, it is okay to perform ordinary http packet capture, but for https packet capture, you need to install the Fiddler certificate locally, because https is encrypted. And because it is a self-installed blocking certificate, the system will usually prompt you that your network may have been monitored......
Android 7.0 or lower, you can capture https packets after installing the certificate, but 7.0 found that even if the certificate is installed, you still can't capture https packets, a search...... Sure enough, there is an inside story, and Google has changed the security configuration of the network in 7.0 to reduce the granularity of the application level......
Official documentation: https://developer.android.com/training/articles/security-config.html
In other words, even if the system has a certificate installed, the application itself can choose to trust or not trust. The initiative moves from the system to the individual applications themselves.
How to configure? Students can click in and see by themselves, it is still very simple, and it can also be configured differently for debug and release. Here is a post for those students who don't know how to surf the Internet scientifically, the general configuration of the universe (that is, trust all certificates...... )
Configuration file: res/xml/network_security_config.xml
AndroidManifest.xml Configuration of the file
|
Posted on 3/20/2018 9:32:31 PM
|
|
|
