HttpCanary bypasses certificate installation

0. Preface

Starting with Nougat (Android 7.0), Android changed the default trust behavior for user-installed certificates. As a result, a Burp CA installed from the SD card can no longer be used to intercept application traffic: unless an application specifies otherwise, it trusts only system-level CA certificates.
In other words, Android 7.0 and later changed the certificate security policy. User certificates can only be used to proxy browser traffic, and applications do not trust them.
In testing, installing the CA certificate on a phone running a recent version of Android brings up a prompt:

Capturing packets with tools such as HttpCanary on these phones therefore requires extra steps: first install the certificate manually from the system settings, then bypass the software's detection of the CA certificate.
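The trust rule described in the preface is set per app by its Network Security Configuration. As an added example (not code from the original post), this Python check reads such a config and lists the scopes where a release build would accept user-installed CAs; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from any real app): release builds trust
# user CAs for one domain; debug builds trust them everywhere.
SAMPLE_CONFIG = """
<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.test</domain>
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>
"""

def _sources(node):
    """src values of node's own <trust-anchors>, or None when it has none."""
    anchors = node.find("trust-anchors") if node is not None else None
    if anchors is None:
        return None
    return {c.get("src") for c in anchors.findall("certificates")}

def _walk(node, inherited, findings):
    """Nested <domain-config> elements inherit trust anchors from their parent."""
    for dc in node.findall("domain-config"):
        src = _sources(dc)
        src = inherited if src is None else src
        if "user" in src:
            findings += [(d.text or "").strip() for d in dc.findall("domain")]
        _walk(dc, src, findings)

def user_ca_exposure(config_xml, target_sdk):
    """Scopes where a non-debuggable build trusts user-installed CAs."""
    root = ET.fromstring(config_xml.strip())
    base = _sources(root.find("base-config"))
    if base is None:
        # Platform default: only apps targeting API 23 or lower trust user CAs.
        base = {"system", "user"} if target_sdk <= 23 else {"system"}
    findings = ["base-config"] if "user" in base else []
    # <debug-overrides> is skipped: it applies only when android:debuggable is true.
    _walk(root, base, findings)
    return findings

if __name__ == "__main__":
    print(user_ca_exposure(SAMPLE_CONFIG, target_sdk=30))
```

An empty result means the release build keeps the Android 7.0+ default and trusts system CAs only.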

1. Install HttpCanary

HttpCanary 3.3.6 Premium is recommended.
Download link:
Qingbei Netdisk (30 days expired)
https://pan.tsinbei.com/s/NqFQ
Password: aygk4s
Note: Other versions may lack some features; for example, some versions do not support exporting certificates.

2. Install the certificate

Click on the menu bar in the upper left corner and enter the settings

Click on Capture Settings - Root Certificate Settings

Click to install root certificate

Note: Perform the steps above on a phone running a lower version of Android. A phone of the same brand as your own is recommended, to make the later software backup and migration easier.

https://blog.tsinbei.com/en/archives/37/

Author: Hsukqi Lee
Posted on: 2022-01-17
Edited on: 2022-07-28
Licensed under: CC BY-NC-ND 4.0
