Skip to content

Instantly share code, notes, and snippets.

@luciopaiva
Last active April 18, 2024 07:46
Show Gist options
  • Save luciopaiva/aa9cb30863804fb2ac3ed1ccd11c95c7 to your computer and use it in GitHub Desktop.
Save luciopaiva/aa9cb30863804fb2ac3ed1ccd11c95c7 to your computer and use it in GitHub Desktop.
Android APK HTTPS user certificates how-to

Android APK HTTPS user certificates how-to

Starting with Android Nougat, Google changed the way apps handle user certificates:

Apps that target API Level 24 and above no longer trust user or admin-added CAs for secure connections, by default.

This means that certificates issued by applications like Charles or mitmproxy are no longer accepted, so these proxies won't work for HTTPS traffic.

This tutorial explains what needs to be done to overcome that restriction and be able to sniff any Android app's HTTPS requests.

For instructions on how to pull, modify, rebuild and redeploy an Android app, see this tutorial.

Add attribute to manifest.xml

Once your target apk is properly disassembled, look for AndroidManifest.xml at the root folder and add the following attribute to the application element:

<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

That attribute points to a file that must exist in the res/xml/ folder inside your project. If it doesn't, create it now and change its contents to be like this:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>  
      <base-config>  
            <trust-anchors>  
                <!-- Trust preinstalled CAs -->  
                <certificates src="system" />  
                <!-- Additionally trust user added CAs -->  
                <certificates src="user" />  
           </trust-anchors>  
      </base-config>  
 </network-security-config>

This rule tells the Android system to accept any system or user certificates, overriding default behavior. See this page for other overriding options.

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment