Does not seem to work on A12

NVISOsecurity / MagiskTrustUserCerts

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

1.63k stars 190 forks source link

Does not seem to work on A12 #24

Closed swablueme closed 2 years ago

swablueme commented 2 years ago

Just tried to run this on Android 12 and the notification doesn't show up and my traffic is not being decrypted. Ripperoni...

mikrodotnet commented 2 years ago

I'm having the same issue. I'm on a Google Pixel 3a, rooted with Magisk. Can anyone make this work on Android 12?

TheDauntless commented 2 years ago

I've tested this on a Galaxy S8 with LineageOS 19 (Android 12) and it works.

Are you sure the Android version is the issue, and not the application? Do you have a publicly available demo application?

swablueme commented 2 years ago

I've tested this on a Galaxy S8 with LinageOS 19 (Android 12) and it works. Are you sure the Android version is the issue, and not the application? Do you have a publicly available demo application?

I have a mitm proxy setup on my computer (Fiddler4) that requires a root cert installed on the device and the same application that is being sniffed. And I have the MagiskTrustUserCerts module on my phone. I have it setup with my android 11 Pixel 4A which works perfectly. My android 12 Pixel 6 does not work with the same setup.

TheDauntless commented 2 years ago

Was able to test this on an A12 Pixel 6, and I couldn't reproduce your bug.

I'm closing this, but if anybody else has a device that doesn't work, feel free to comment.

ekko-zhao commented 1 year ago

I'm having the same issue. I'm on a Google Pixel XL, rooted with Magisk,Android 10。

xzrvr commented 9 months ago

same issue on s10e (SM-G970F), ill just stick with another module for now

TheDauntless commented 9 months ago

I've just run another test:

Stock Galaxy S20 FE 5G
Rooted with Magisk
Install burp cert as user cert
Restart device to trigger module => All non-pinned HTTPS requests show up.

There is an issue with Chrome and required certificate transparency (CT), but that's a chrome specific issue which actually indicates that the module is working, because Chrome only forces CT on system certificates, not user certificates.

swablueme commented 5 months ago

@TheDauntless I've learnt more about cert pinning and have managed to sniff cert pinned and un cert pinned requests with this module + frida ssl cert bypass after 2 years.