After Android 7, the phone system only trusts the root certificate built into the system. The imported user certificate cannot be trusted, so we cannot use fidder to capture the HTTPS request of the app. Here I will take the Fiddler Everywhere packet capture tool as an example to demonstrate how to write the certificate to the Android system root certificate directory (/system/etc/security/cacerts/).
environment:
- Fiddler Everywhere3.4.1
- Night Simulator
- Virtual environment Android7 (32-bit)
1. Preparation tools
-
Download Win32/Win64 OpenSSL, URL http://slproweb.com/download/Win64OpenSSL_Light-3_0_5.msi installation
-
Download the SDK Platform-Tools Android Debug Bridge (adb) for Windows at https://dl.google.com/android/repository/platform-tools-latest-windows.zip
2. Export the certificate from Fiddler Everywhere to the desktop (the file name is FiddlerRootCertificate.pem)
From the menu view -> Preferences
3. Use the following command to get the hash value
openssl x509 -subject_hash_old -in FiddlerRootCertificate.pemExecute the above command and pay attention to the location of the openssl program and the file FiddlerRootCertificate.pem. I directly copy FiddlerRootCertificate.pem to the directory where openssl.exe is located, and then execute cmd. This is more convenient.
4. Use the hash value as the file name, rename FiddlerRootCertificate.pem to e5c3944b.0, note that the extension here is number 0
5. Turn on the virtual machine and use adb to connect
6. Determine whether it is root (enabled by default)
Note that if you do not have root privileges, please check in the virtual machine, restart, and then connect:
7. Put the /system part in writable mode adb remount
8. Copy the certificate file to the certificate directory adb push e5c3944b.0 /system/etc/security/cacerts/
