How to Get Charles Proxy Work with Android 7 Nougat

How to get charles proxy work with Android 7 nougat?

Based on the troubleshooting thread of comments for the OP, the answer is to install just the proxy's CA cert as trusted, not its cert + private key.

The issue was caused by two factors:

  1. Installing not just the MiTM proxy's CA cert but also its private key (thus enabling VPN apps on the device to decrypt/MiTM network traffic from other apps). You don't need the MiTM proxy's private key on the device.

  2. Android Nougat change in behavior of the Settings -> Security -> Install from storage flow for files which contain a private key in addition to cert(s). This change in behavior unmasked the above issue.

Prior to Nougat, the Settings -> Security -> Install from storage flow for files containing a private key in addition to certs erroneously installed the certs as trusted for server authentication (e.g., HTTPS, TLS, thus making your MiTM succeed), in addition to being correctly installed as client certs used for authenticating this Android device to servers. In Nougat, the bug was fixed and these certs are no longer installed as trusted for server authentication. This prevents client authentication credentials from affecting (weaking) the security of connections to servers. In your scenario, this prevents your MiTM from succeeding.

What complicates matters is that the Settings -> Security -> Install from storage does not provide an explicit way for the user to specify whether they are installing a client authentication credential (private key + cert chain) or a server authentication trust anchor (just a CA cert -- no private key needed). As a result, the Settings -> Security -> Install from storage flow guesses whether it's dealing with client/user authentication credential or server authentication trust anchor by assuming that, if a private key is specified, it must be a client/user authentication credential. In your case, it incorrectly assumed that you are installing a client/user authentication credential rather than a server authentication trust anchor.

P. S. With regards to your Network Security Config, you should probably configure the app to also trust "system" trust anchors in debug mode (debug-overrides section). Otherwise debug builds of the app won't work unless connections are MiTM'd by a proxy whose CA cert is installed as trusted on the Android device.

Charles Proxy not working for Android version above 7.0?

If you are facing issue using Charles on Device tar-getting above 7.0 in Android, follow these steps, as detailed in the Charles Proxy documentation

  1. Add following line 

    android:networkSecurityConfig="@xml/network_security_config">

    to your manifest file in Application Tag.

  2. Create a xml folder with a file named network_security_config and paste following code in it.

<?xml version="1.0" encoding="utf-8"?><network-security-config>    <base-config>        <trust-anchors>            <certificates src="system" />        </trust-anchors>    </base-config>    <debug-overrides>        <trust-anchors>            <certificates src="user" />        </trust-anchors>    </debug-overrides></network-security-config>

Charles Proxy + Android HTTPS

See this question which has updated answers for Charles 4 and Android 7.

  • You must install the cert from Charles help menu, and you must use Settings -> Security -> Install from storage on device.

  • Your app needs a network_security_config.xml

  • You must use a debuggable app

How do I configure Charles Proxy and Android so that I can view HTTPS sessions

I figured the issue. Its because Charles 3.7 has some bugs for Android devices. I updated to Charles 3.8 Beta version and seems to working fine for me.

Unable to view HTTPS requests in Charles Proxy with Android

Your network config there is within <debug-overrides>, which only applies for debug builds. Did you build the application in debug mode, or for production? If you don't build in debug mode then that config won't apply.

You probably want to use <base-config> instead, which applies to all builds, not just debug builds. There's a full example here: https://httptoolkit.tech/docs/guides/android/#if-you-dont-have-a-custom-network-security-config.

If that doesn't work, then it's likely that there's some certificate pinning in place in the application code itself, independent of the network security settings. To fix that you'll need to manually edit the code itself. You can also try using https://github.com/shroudedcode/apk-mitm which has a selection of automated patches that disable many common manual pinning implementations for you.


Related Topics

Android Studio: Application Installation Failed

Android Simplecursoradapter Doesn't Update When Database Changes

Immersive Mode Navigation Becomes Sticky After Volume Press or Minimise-Restore

How to Remove the Top and Bottom Space on Textview of Android

Put a Progressbar on Actionbar

Pass List of Objects from One Activity to Other Activity in Android

Unsigned APK Can Not Be Installed

How to Access Localhost from a Genymotion Android Emulator

Intent.Putextra List

How to Get All Child's Data in Firebase Database

Android Xml Rounded Clipped Corners

How to Hide System Bar on Android Ics

How to Hide the System Bar

How to Add Shadow to the Fab Provided with the Android Support Design Library

Notifications Fail to Display in Android Oreo (API 26)

Android Viewpager Setcurrentitem Not Working After Onresume

How to Add a Gesture Detector to a View in Android

Packaging Android Resource Files Within a Distributable Jar File


Leave a reply



Submit