Enable SSL Proxy on Android
After launching Android 7 (API24) we need additional tweaks to allow SSL proxy
Firstly, we need to create (or update) file network_security_config.xml
in xml folder:
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
But this code will allow MITM-hacking always. Instead of this, we can allow SSL proxy only at debug time:
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Also we need to modify our AndroidManifest.xml
by adding android:networkSecurityConfig=”@xml/network_security_config”
to app configuration:
<application android:name=”AppName”
android:icon=”@mipmap/ic_launcher”
android:label=”@string/app_name”
android:networkSecurityConfig=”@xml/network_security_config”>
And last one: we need to add system certificate from proxy software (Charles, Fidler, etc.) into our Android device. Now we can see all requests/responses in real-time!