安卓抓包踩坑记录

本文对Charles抓不了Https请求做个记录

主要原因是安卓7.X之后调整了安全策略而导致部分手机抓包失效。

https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

To allow your app to trust custom CAs for a specific domain, include something like this in your Network Security Config.

<network-security-config>  
      <domain-config>  
           <domain includeSubdomains="true">internal.example.com</domain>  
           <trust-anchors>  
                <!-- Only trust the CAs included with the app  
                     for connections to internal.example.com -->  
                <certificates src="user" />  
           </trust-anchors>  
      </domain-config>  
 </network-security-config>

客户端CA证书分为system和user，用户自己添加的即为userCA。（Charles属于userCA）。

安卓抓包踩坑记录

本文对Charles抓不了Https请求做个记录

本文对Charles抓不了Https请求做个记录