ProxyMan Install CA certificates in Settings for Android Devices - android

To intercept the API and modify the API response locally, I was setting up ProxyMan on my Android device, a Pixel 4a, and faced this popup: "Install CA certificates in Settings". After I tried to hit http://proxy.man/ssl to install the CA certificate from ProxyMan on my device, I got the error popup as attached. Earlier, on my older device, it worked fine; however, on my new device I'm facing this issue. When I click CLOSE on the popup window, a toast message appears: "Failed to install certificate".
I'm facing the issue on the Pixel 4a; however, the same works fine on a Moto X-Play. Attached is the screenshot of the popup.
A similar question I found is here; however, it didn't help me, or I was not able to understand the exact issue, since I'm facing this specifically with ProxyMan and that question is about VPN.
If anyone is using ProxyMan for intercepting the API on a real Android device and has faced the same issue, please help. I'm blocked on this issue and can't move anywhere on my Android device. My precise question is:
Is there any option to reach the settings where the device certificates are present, and how can I add the ProxyMan certificate to those certificates?

I got the solution here.
Once I hit the API http://proxy.man/ssl, the certificate was downloaded in my download package; however, it was not installed automatically, since from Android 11 a certificate cannot be installed automatically and the user has to install it manually by following these steps:
Install a certificate
1. Open your phone's Settings app.
2. Tap Security, then Advanced settings, then Encryption & credentials.
3. Tap Install a certificate, then CA certificate.
4. In the top left, tap Menu.
5. Tap where you saved the certificate [in my case it was downloads].
6. Tap the file.
7. If needed, enter the key store password. Tap OK.
8. Enter a name for the certificate.
9. Tap OK.
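
An added example (not part of the original answer and not ProxyMan's own tooling): before installing a downloaded file as a CA certificate, this script checks that it really is an X.509 CA certificate and prints its SHA-256 fingerprint, which can be compared with the fingerprint Android shows in the certificate's details once it is installed. The function names and the sample certificate are assumptions constructed for the example; it requires the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example: inspect a certificate file before installing it as a CA on Android.
# Function names are hypothetical; the sample certificate is constructed locally.

# PEM files carry a text header; anything else is treated as DER (.crt/.cer).
cert_form() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# SHA-256 fingerprint, to compare with the one Android shows for the installed CA.
cert_fingerprint() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -noout -fingerprint -sha256 |
    cut -d= -f2
}

# Succeeds only if the file parses as X.509 and its basicConstraints say CA:TRUE.
is_ca_cert() {
  openssl x509 -in "$1" -inform "$(cert_form "$1")" -noout -text 2>/dev/null |
    grep -A1 'Basic Constraints' | grep -q 'CA:TRUE'
}

# Build a throwaway self-signed certificate (constructed sample input).
# $1 = output path prefix, $2 = CA:TRUE or CA:FALSE
make_sample_cert() {
  cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed sample cert
[ext]
basicConstraints = critical,$2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Check the file given as argument, or a constructed sample CA when run bare.
check_cert_file() {
  local f=${1:-}
  if [ -z "$f" ]; then
    local tmp; tmp=$(mktemp -d); make_sample_cert "$tmp/ca" CA:TRUE; f=$tmp/ca.pem
  fi
  if is_ca_cert "$f"; then echo "CA certificate, SHA-256 $(cert_fingerprint "$f")"
  else echo "not a CA certificate: $f" >&2; return 1; fi
}
check_cert_file "$@"
```

Run it with the path of the downloaded file as its only argument; a non-zero exit status means the file is not a CA certificate.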

Related

Android Firefox constantly prompting to Accept Risk for mkcert-created SSL certificate

On my dev laptop I installed an SSL cert using mkcert. Works fine in all desktop browsers. They don't even prompt to accept the "risk" and continue. But on my Android phone on the same LAN (with the dev subdomain in DNS) I get that prompt from both Chrome and Firefox. That would be acceptable, except Firefox prompts pretty much every time I return focus to the app. It gets annoying having to click two extra buttons (Advanced then Accept Risk and Continue) for every code change that needs to be tested in all browsers.
Is there any way to make Android Firefox permanently accept the cert or any other solution?
Took a while, but I figured it out!
First transfer a copy of the rootCA.pem cert file from laptop to phone.
File location found via CLI: mkcert -CAROOT
Then install the cert file in Android settings, the location of which varies per device and Android version.
In my phone it was in: Android Settings / General / Lock screen & security / Encryption & credentials / Install from storage
You might have to restart the phone. Also might have to click TRUST on the cert in Android settings.
Then enable Firefox secret settings by clicking multiple times on the Firefox logo in the About page, then in secret settings enable "Use third party CA certificates".
Voila!

Sectigo certificate is accepted by Google Chrome on my Android CK65 Honeywell device even though Sectigo is not on the list of Trusted credentials

I want to make sure I understand which Certificate Authorities are really trusted by Google Chrome so I can implement similar logic in my custom browser using WebView. I followed these steps:
Open Settings.
Tap “Security & location”
Tap “Encryption & credentials”
Tap “Trusted credentials.” This will display a list of all trusted certs on the device.
The list is alphabetical and Sectigo RSA Extended Validation Secure Server CA is not there. However, when I start Google Chrome and navigate to https://sectigo.com/ the browser shows that their certificate is OK. Any idea why?

Extract APK including data to enable SSL proxying

I am trying to gain access to an API from an Android application, so I can extract the GET request and use it on my PC instead. I have verified that this is indeed possible, however, I have one problem: Their Firebase integration gives me a 403.
The app works like this:
Open app
Enter your address and select it from a list
Press "Add address"
App sends a POST request to Firebase (probably registering a session or something)
App succeeds and returns to a "view" page, that contains the info I want to extract
I've extracted the app using adb pull /data/app/....apk and then used AddSecurityExceptionAndroid to enable debugging via Charles Proxy and so on, from my computer. Once I've built a new APK, simply install it with adb install application.apk.
Once I launch the newly installed app, I am once again greeted with the same "Enter your address" popup, like it completely forgot I already entered it once. Is there a way to bypass this, so the APK I extract already has this data? Or keep it on the device for future use, so when I install my patched APK, it's already "signed in"?
The problem is, if I only enable SSL proxying for *.apiwebsite.com and let my phone handle everything else, it works great until I need to send a POST request to firebaseinstallations.googleapis.com, where my phone just hangs and eventually the app crashes. It happens right after I press the Add address button, after searching for my address and selecting the correct one.
So I either need to find a way to make it not fail with Firebase, or somehow extract the APK, so I can "sign in" beforehand, pull the APK, patch the APK, and then install the APK, so the app already knows I am "signed in".
The Firebase error is:
Requests from this Android client application correct.url.here are blocked
Okay, I managed to get something working. First I installed Genymotion, then I booted up a rooted Android 8.0 virtual machine, to which I then installed the app I needed to "debug" and HttpCanary.
Logged every TLS/SSL request perfectly and I was able to retrieve the URL for the API I needed.

Remove user and ca certificate on Android 4.0

After two hours of research I'm wondering if there's a way to remove ca and user certificates from Android 4.0 (with root access).
The android settings menu is very poor in function (doesn't even have a filter field) and doesn't delete
The only certificate manager I found was CACertMan which hangs on loading certificates.
Any ideas?

How do you use a .p12 certificate on Android?

How do you use a .p12 certificate on Android?
I tried adding it at Menu/Settings/Location and security.
When I do this the certificate disappears from the SD card but when I go to the website that needs the .p12-certificate I just get a connection error.
The certificate, password, and URL are all good. I triple checked them.
I am not the only one with this issue, right? My colleagues with iPad / iPhone can use it easily but on Android it's a pain in the ass. They just double click on the .p12 file, give certificate password, and they are set.
How come it's not like this on Android?
Make sure you copy the certificates to root of SD card.
Click on Settings -> Location & Security/Security -> Install from SD card (scroll down -> Credential Storage).
Select the certificate.
Things have changed since the last answer in 2011. I'm doing this from an emulated Pixel 2 running Android R (version 10).
It's now possible to install the certificate from a download or from a google drive. The difference is trivial.
Installation
Settings->Security->Advanced->Encryption & credentials->Install a certificate
Here you'll select the type of certificate you want to install. In my case it's a CA certificate (Certificate Authority) which I use to test some systems.
At this point you'll get a warning screen. It's kind of important as the entire basis of your device's security relies on the integrity of your certificates. If this is messed up, your device will have to be wiped to be secure again.
But I assume you know what you're doing.
Tap Install anyway.
You're taken to a screen with files in your Downloads directory. You can scroll around to see the possibilities. You can also click on the hamburger icon in the top left to reveal more options, such as listing your google drive account.
Tap on the certificate file you want to install
You may see a popup dialog asking you for the password to extract certificates. Hopefully the entity that supplied you with the certificate also gave you a password.
Type in the password and cross your fingers.
If all is well you'll get a Toast saying that the certificate was installed.
Verification
You can view the certificates you have installed via the following path:
Settings->Security->Advanced->Encryption & credentials->Trusted credentials and then clicking the USER tab.
Removing a certificate is as simple as tapping on it and then tapping the Remove button.
To import the certificate, all I had to do was to use the My Files app (or any app allowing to browse your filesystem), and then click on the p12 file. Once the certificate was imported, the apps requiring it for log-in prompted the option of using it.
