This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming Technical chat Solutions to catch packets after Android 7.0 unknown and invalid certificates ...
View: 16115|Reply: 2

Solution to catch packets after Android 7.0 unknown and invalid certificates

[Copy link]
Posted on 3/18/2019 9:38:06 PM | | | |
background

When using packet capture software (taking Charles as an example) to capture the https request of the APP, both Android and Charles have installed the certificate correctly but the packet capture fails, and an error is reported:

Client SSL handshake failed: An unknown issue occurred processing the certificate (certificate_unknown)



Cause

After Android7.0, the CA certificate added to the system by default is not trusted:

To provide a more consistent and more secure experience across the Android ecosystem, beginning with Android Nougat, compatible devices trust only the standardized system CAs maintained in AOSP .


Documentation link:https://android-developers.googl ... ed-certificate.html

This means that for apps based on SDK24 and above, even if you have a certificate of the packet capture tool installed on your phone, you will not be able to capture https requests.

solution

1. Official solution (code modification required)

Official documentation:https://developer.android.google ... ecurity-config.html
Detailed Demonstration:https://blog.csdn.net/mrxiagc/article/details/75329629

2. Install the certificate of the packet capture software as a system certificate (ROOT required)

System certificate directory: /system/etc/security/cacerts/

The naming convention for each certificate is as follows:
<Certificate_Hash>. <Number>

The file name is a hash value, while the suffix is a number.

The file name can be calculated with the following command:


For example, if the hash value calculated by two certificates is the same, then the suffix number of one certificate can be set to 0, and the suffix number of the other certificate can be set to 1

Steps:

Use the above command to calculate the hash value of the packet capture software's certificate, rename it, and copy it to the system certificate directory



At this time, you should be able to see your newly added certificate in the System tab of Settings - > Security - > Encryption & Credentials - > Trusted Credentials







Previous:Front-end JavaScript interview skills
Next:How to implement verification code verification on the landing page?????

Related Posts
Posted on 3/19/2019 9:13:25 AM |
May I ask the owner, some applications and APPs will fail to capture packets through proxies, I don't know how to solve it?
Posted on 9/6/2019 10:55:58 PM |
Look at the boss
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com