0. Preface
Starting with Nougat, Android changed the default trust behavior for user-installed certificates. This means that installing Burp CA from sdcard will not be able to intercept application traffic. Unless otherwise specified, applications will only trust system-level CA certificates.
That is to say, Android 7.0 and above systems have modified the security policy of certificates. User certificates can only be used to proxy browser traffic, and applications will not trust these certificates.
The actual measurement shows that when the CA certificate is installed on a mobile phone with a high version of Android system installed, a prompt will appear:
Therefore, using tools such as HttpCanary to capture packets on these mobile phones requires special operations. First, manually install the certificate from the settings, and then bypass the software's detection of the CA certificate.
1. Install HttpCanary
HttpCanary 3.3.6 Premium is recommended
download link:
Qingbei Netdisk (30 days expired)
https://pan.tsinbei.com/s/NqFQ
Password: aygk4s
Note: Using other versions may result in some incompetence, for example, some versions do not support exporting certificates.
2, install the certificate
Click on the menu bar in the upper left corner and enter the settings
Click on Capture Settings - Root Certificate Settings
Click to install root certificate
Note: The above steps need to be performed on a lower version of Android, and it is recommended to use the same brand as your own mobile phone to facilitate subsequent software backup and migration
HttpCanary bypasses certificate installation
Comments