Charles Proxy + Android HTTPS - android

So here are some similar but outdated answers that might have helped me a few years/months ago:
Why can't I see http or https traffic from Chrome Browser for Android on Charles Proxy?
How to get charles proxy work with Android 7 nougat?
I followed all of the instructions, I can read http requests fine, but not https requests. Still can't figure what I am doing wrong. There isn't much of my own to post since I have just followed the above guides.
I think the main issue is how do I force the app I am trying to debug to use my certificate? The manifest modifications don't seem to do the trick.

See this question which has updated answers for Charles 4 and Android 7.
You must install the cert from Charles help menu, and you must use Settings -> Security -> Install from storage on device.
Your app needs a network_security_config.xml
You must use a debuggable app

For those looking for a more recent Android release (8, 9, 10 or later) + Charles Proxy 4.6,
you can refer to this guide...

From Android N+, it requires extra steps to make it work.
1. Add res/xml/network_security_config.xml to your project.
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
<certificates src="system" />
</trust-anchors>
</debug-overrides>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config>
<!-- Make sure your URL Server here -->
<domain includeSubdomains="true">your_production_domain</domain>
<trust-anchors>
<certificates src="user"/>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
=> Make sure you replace your_production_domain with the domain that you would intercept
2. Add to AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config" ... >
...
</application>
</manifest>
If you could not make it work, you can check out the sample code, which has all configuration.

Related

React Native - cannot connect to Metro on API 31/32 (Android 12) either on emulator or real device, even with adb reverse

Cleartext is enabled in the manifest.
I have done adb reverse tcp:8081 tcp:8081 command.
The same app readily works on an API 28 emulator.
I get the message Could not connect to development server.
Is there another reason why Android 12 might cause problems with this?
Thanks :)
The issue was the need to add localhost to res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>

Can't send HTTP with axios even set android:usesCleartextTraffic="true" and network security config in React native

I was trying to communicate with my server using Axios. I checked it worked well in the same URL, same body data in Postman. However, in most conditions, the application doesn't make an HTTP call - it only works when I turn on network inspector in react-native-debugger with debug mode. It makes a bunch of error messages like below.
Error: Network Error at createError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115372:17) at EventTarget.handleError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115282:16) at EventTarget.dispatchEvent
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:33554:27) at EventTarget.setReadyState
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32692:20) at EventTarget.__didCompleteResponse
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32500:16) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32616:47 at RCTDeviceEventEmitter.emit
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:2310:37) at MessageQueue.__callFunction
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3348:31) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3076:17 at MessageQueue.__guard
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3302:13)
I read the article that android network policy may be the reason. I changed the AndroidManifest.xml below. Then I checked there is http:// or https:// in a domain, and there was no problem with the domain. Finally, I added network_security_config.xml, but it doesn't make a change.
I use my physical Android phone (Galaxy A50, Android 11) instead of an AVD. targetSdkVersion and compileSdkVersion are also API 30, minSdkVersion is 22.
postLogIn
export function postLogIn(authorizationInfo: WheelieAuthorizationInfo) {
return axios.post<{
statusCode: number;
token: string;
}>(`${domain}/account/login`, authorizationInfo);
}
app/src/debug/AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="@xml/network_security_config"
tools:targetApi="28"
tools:ignore="GoogleAppIndexingWarning">
<activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
</application>
</manifest>
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
</domain-config>
</network-security-config>
I solved this problem two days ago by adding network_security_config.xml and network certificates(*.pem) for my backend API server.
References: Android Dev Network Security Configuration
First, add a custom networking security setting in AndroidManifest.xml
...
<application
...
android:networkSecurityConfig="@xml/network_security_config">
Second, make ./android/app/src/main/res/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">pedalers.net</domain>
<trust-anchors>
<certificates src="@raw/my_ca"/>
</trust-anchors>
</domain-config>
<domain-config cleartextTrafficPermitted="true">
<!-- Without localhost setting, it's unable to connect metro with app. -->
<domain includeSubdomains="true">127.0.0.1</domain>
<!-- For physical phone, 10.0.0.1 is the address connect to computer -->
<domain includeSubdomains="true">10.0.0.1</domain>
<!-- For AVD, 10.0.2.2 is the address connect to computer -->
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>
Third, add the self-signed or non-public CA certificate, in PEM or DER format, to res/raw/my_ca.

React-native android does not build when i add networkSecurityConfig tag

As I found in this article.
I want to update my network security config to allow root certificates from the personal store of my android emulator.
But when I do this, I can't build my app anymore. The error message:
Unable to load script. Make sure you're either running a metro server
(run 'react-native-start') or that your bundle 'index.android.bundle'
is packaged correctly for release.
When I remove android:networkSecurityConfig="@xml/network_security_config" it's all running fine again.
Does anyone know what to do? or has an other way of making changes to the security config?
okay, finally found it !! :)
React native does need clear text traffic for the build.. so the network security config file should contain: <base-config cleartextTrafficPermitted="true">
so i have a tag in src/debug/AndroidManifest.xml
<application tools:targetApi="28" tools:ignore="GoogleAppIndexingWarning"
android:networkSecurityConfig="@xml/react_native_config" />
and created a file src/debug/res/xml/react_native_config.xml with:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="user"/>
<certificates src="system"/>
</trust-anchors>
</base-config>
</network-security-config>

Charles proxy in non debuggable flavour of Android app

First of all let me clarify that I know that this is a very bad practice and I will not push this change into my production code. But sometimes we need to debug some changes in non debuggable flavour of my application but all the https urls are failing with the following error
Client SSL handshake failed: An unknown issue occurred processing the certificate (certificate_unknown)
I have used the following network config files and added in my manifest file. This is working in debuggable flavour of the app but still not working in non-debuggable flavour.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Is there any way I can use charles to monitor my network calls in the non-debuggable flavour of the android app ?
This one works for me:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="user" />
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
Source
When creating a release build that you need to debug using Charles, please add android:debuggable="true" in the Manifest inside the application context. After that, try to build your release build and try to debug using Charles.
I have not tried this but this might work. According to the following link.
https://developer.android.com/training/articles/security-config.html
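
An added example, not part of the original posts: a small Python check that reads a network_security_config.xml and reports the settings discussed in this thread that stay active in a non-debuggable build (user-installed CAs trusted, or cleartext permitted, outside debug-overrides). The function name audit_nsc and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the configs quoted in this thread.
USER_CA_IN_BASE = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="user" />
      <certificates src="system" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

USER_CA_DEBUG_ONLY = """<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">10.0.2.2</domain>
    <domain includeSubdomains="true">localhost</domain>
  </domain-config>
</network-security-config>"""


def audit_nsc(xml_text):
    """List settings that stay active when the app is not debuggable."""
    findings = []

    def check(scope, label):
        if scope.get("cleartextTrafficPermitted") == "true":
            findings.append(f"{label}: cleartext traffic permitted")
        for cert in scope.findall("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append(f"{label}: trusts user-installed CAs")

    root = ET.fromstring(xml_text)
    for base in root.findall("base-config"):
        check(base, "base-config")
    for dc in root.iter("domain-config"):  # iter() also reaches nested domain-config
        names = ",".join(d.text.strip() for d in dc.findall("domain") if d.text)
        check(dc, f"domain-config[{names}]")
    # <debug-overrides> is skipped on purpose: the platform applies it only
    # when android:debuggable is true.
    return findings


if __name__ == "__main__":
    for name in ("USER_CA_IN_BASE", "USER_CA_DEBUG_ONLY"):
        print(name, audit_nsc(globals()[name]))
```

Run against the file merged into the release variant, an empty result means interception with a user-installed proxy certificate is limited to debuggable builds.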

Charles Proxy not working for Android version above 7.0?

I have been using Charles for intercepting requests and responses for a long time, but when I tried a Google Pixel targeting Android Oreo, it keeps giving me a handshake exception. I was aware that certain changes had been made in Nougat about network security. Any sort of help will be appreciated.
If you are facing issues using Charles on a device targeting above 7.0 in Android, follow these steps, as detailed in the Charles Proxy documentation:
Add following line
android:networkSecurityConfig="@xml/network_security_config">
to your manifest file in Application Tag.
Create an xml folder with a file named network_security_config and paste the following code in it.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Note: Do not commit the above to your branch if you have only a single build flavour.
People having different build flavours (debug/release/other) can use this for the debug version and commit it as well.
The other answer is correct as well, but according to the documentation the base-config xml tag is not needed at all. While this is not explicitly mentioned, their example does not include that tag.
This is the code on the Documentation site for "Configure CAs for debugging":
res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="@raw/debug_cas"/>
</trust-anchors>
</debug-overrides>
</network-security-config>
Instead of specifying a specific certificate, we can just allow user-installed certs though, like in the other answer:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
