Enable Android Nougat ‘Charles’ing SSL network

If you have worked with backend network on your App, you probably have used Charles Web Debugging Proxy tool. It’s a very convenient way to intercept the network and perform the needed tracing or even changing it.

It also works with secured SSL network, provided you download the needed certificate, usually from http://www.charlesproxy.com/getssl/

Unfortunately, beginning Android 7 (SDK v24) onwards, the SSL network is no longer viewable directly. This is actually a newly introduced security feature in Android 7 so that the SSL network in your App is more secured, and not intercepted by 3rd party.

Enable SSL Proxy for Nougat

However, if for your own debug you would like to intercept your SSL network, what must you do? Below are two simple steps.

Update AndroidManifest.xml

Update your AndroidManifest.xml application section with networkSecurityConfig.xml

<application android:name=”AppName” 
android:icon=”@mipmap/ic_launcher”
android:label=”@string/app_name”
android:networkSecurityConfig=”@xml/network_security_config”>

Add network_security_config.xml file

You could just add the this file in your xml resource folder

<network-security-config>    
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>

This will make it work as what was done before Android 7. So in Android 7, your App SSL network is proxy-able.

Enable SSL Proxy in Nougat for debug only

The above setting is good, but it defeats the purpose of Google adding this security feature in Android Nougat for your App.

So to take advantage of this feature, you might want to enable your SSL network to be proxy-able in debug mode only.

What you need to do is still follow the step one above, but change the content of networkSecurityConfig.xml to below

<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>

With this, only the debug mode would override the permitted certificate source, to include from user.

Viola! Now you could perform your SSL Charles for Nougat!

Additional informations