The installation and use of Charles will not be repeated here. The Charles tool has been introduced before .
This article focuses on how to configure the packet capture environment on Android phones
1. Get Charles configuration
Go to Help -> SSL Proxying -> Install Charles Root Certificate on a Mobile Device or Remote Browser to view the configuration.
2. Connect your phone and computer to the same LAN
3. Set up a manual proxy for mobile networks
The ip and port parameters have been obtained in the first step
4. Use the mobile browser to download and install the certificate
Go to chls.pro/ssl in the browser to download the certificate, and download the .pem format certificate. When the device cannot be recognized, you need to manually change the suffix name to .crt, and then go to the download management of the browser and select installation.
After installation, go to Settings->Security->Trusted Credentials to see the newly installed certificate.
5. Capture packets
Right-click on HTTPS in Charles and select Enable SSL Proxying to start the proxy. Then clear the Structure and request the interface again to see the captured data.
At this point, you will find that not all HTTPS can be captured. After Android 7.0, the CA certificate added to the system by the user is not trusted by default.
solution:
- Official solution: https://developer.android.google.cn/training/articles/security-config.html
- Problem solving blog post: https://blog.csdn.net/mrxiagc/article/details/75329629
- Install the certificate of the packet capture software as a system certificate (ROOT required)
I won’t go into details here unless you want to do the reverse.
6. Capture packages for your own projects
For our own Android project, to capture HTTPS packets we can set it in the complete network configuration.
Go to res -> xml to create a network-security-config.xml file with the following configuration.
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
Then, go to the manifest file to configure networkSecurityConfig for the application.
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.INTERNET" />
<application android:networkSecurityConfig="@xml/network_security_config" >
</application>
</manifest>
Note: During development, set cleartextTrafficPermitted="true" to allow clear text traffic, making it easier for us to capture packets. However, when publishing an application, in order to improve the security of the application, it is usually recommended to disable plaintext traffic.