Open andforce opened 2 weeks ago
You should use the Automatic Script for Android Emulator: https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator
It does everything you mentioned in 1-clicks
You should use the Automatic Script for Android Emulator: https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator
It does everything you mentioned in 1-clicks
The core issue is not that installing the certificate is complicated
, but rather that after installing the certificate, you still need to configure res/xml/network_security_config.xml
.
This means you can’t capture traffic from apps developed by others because you can’t add a new network_security_config.xml
to someone else’s app.
However, if provide a certificate file in .0 format, we can capture traffic from all apps installed on the android phone, not just the ones we developed.
I understand it works with the rooted
Android device
You can can export the PEM file in the Certificate menu -> Export and manually convert to 0. cert
May I ask @andforce. Does your approach (.0 cert) work with a normal Android Emulator (which is launched from Android Studio) ?
I'd like to get rid of this res/xml/network_security_config.xml
I understand it works with the
rooted
Android deviceYou can can export the PEM file in the Certificate menu -> Export and manually convert to 0. cert
I’m currently manually converting certificates into .0 format, which allows for perfect packet capture, but the process is a bit complex.
May I ask @andforce. Does your approach (.0 cert) work with a normal Android Emulator (which is launched from Android Studio) ?
I'd like to get rid of this
res/xml/network_security_config.xml
Here’s a simple explanation of why a .0 certificate can bypass the need for res/xml/network_security_config.xml
to capture traffic from all apps:
In the Android system, whether it’s an emulator or a physical device, system certificates are stored in /system/etc/security/cacerts/
:
emu64a:/system/etc/security/cacerts # ls
01419da9.0 1e8e7201.0 302904dd.0 3c899c73.0 5046c355.0 5fdd185d.0 76579174.0 86212b19.0 9339512a.0
...
99e1b953.0 ab5346f4.0 b872f2b4.0 c491639e.0 d16a5865.0 d96b65e2.0 e48193cf.0 f0cd152c.0
These are system-type certificates trusted by the system. So, if we can find a way to place the .0 certificate file into this directory, it will be trusted by the system, allowing us to capture traffic from all apps.
Description
We would like to add a feature on Mac to “Export certificates in .0 format.”
The current process is somewhat complex. I have to first download the certificate in .pem format on my phone and then convert it to .0 format.
For reference on how to convert a .pem certificate to .0 format, please check: https://blog.csdn.net/haduwi/article/details/125696208
Why this feature/change is important?
I know that Proxyman currently offers a solution for exporting certificates in .pem format, but this process is a bit cumbersome. For rooted Android devices, there is actually a simpler way to capture network traffic:
After exporting the certificate in .pem format, you can use the following command:
This command will get a filename at first line. Rename the file with a .0 extension.
Then, push the renamed file to the
/system/etc/security/cacerts/
directory on the phone. This will allow you to capture network traffic easily without needing to configure res/xml/network_security_config.xml in your app.