proxy https packet intercept

1. Save a SSL certificate from Charles

Launch Charles

Go to Help > SSL Proxying > Save Charles Root Certificate.

Then save it as format Base 64 encoded certificate (.pem)

2. Convert it to a format that Androids can use

Get the hash value of this certificate, rename the file according to this hash value and export the PEM information into the bottom of this new file.

FILE=$(openssl x509 -inform PEM -subject_hash_old -in charles-ssl-proxying-certificate.pem | head -1).0
cat charles-ssl-proxying-certificate.pem > $FILE
openssl x509 -inform PEM -text -in charles-ssl-proxying-certificate.pem -out /dev/null >> $FILE
echo converted file as $FILE

If system cannot recognise -subject_hash_old, use -subject_hash instead

FILE=$(openssl x509 -inform PEM -subject_hash -in charles-ssl-proxying-certificate.pem | head -1).0
cat charles-ssl-proxying-certificate.pem > $FILE
openssl x509 -inform PEM -text -in charles-ssl-proxying-certificate.pem -out /dev/null >> $FILE
echo converted file as $FILE

after running, your terminal should show the converted file name. i.e.

converted file as c56066ed.0

3. Make sure your device is rooted

this step depends on your device. please google “root YOUR Modle"

4. Copy converted certificate to device storage

Assuming the converted file is c56066ed.0

adb push c56066ed.0 /data/local/tmp/
adb shell

 

5. Copy the certificate to system

mount -o rw,remount /system
cp /sdcard/c56066ed.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/c56066ed.0

6. Reboot

Reboot should make the new certificate work. If you are still in adb shell, you can run:

reboot

7. Enable SSL Proxy in Charles

Proxy → SSL Proxy Settings → SSL Proxy tab → Add Host:* Port:*

 

Online Reference

 

https://jamie.holdings/2016/09/04/Installing-a-new-trusted-SSL-root-certificate-on-Android.html

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com 標誌

您的留言將使用 WordPress.com 帳號。 登出 /  變更 )

Google photo

您的留言將使用 Google 帳號。 登出 /  變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 /  變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 /  變更 )

連結到 %s