Enable Android Nougat ‘Charles’ing SSL network

Elye
Jan 5, 2017 · 2 min read

If you have worked with backend network calls in your App, you have probably used the Charles Web Debugging Proxy tool. It’s a very convenient way to intercept network traffic and trace it or even change it.

It also works with SSL traffic, provided you download the needed certificate, usually from http://www.charlesproxy.com/getssl/

Unfortunately, from Android 7 (SDK v24) onwards, the SSL traffic is no longer viewable directly. This is a security feature newly introduced in Android 7 so that the SSL traffic of your App is more secure and is not intercepted by a third party.

Enable SSL Proxy for Nougat

However, what must you do if you would like to intercept your own App’s SSL traffic for debugging? Below are two simple steps.

Update AndroidManifest.xml

Update the application section of your AndroidManifest.xml with the android:networkSecurityConfig attribute, pointing at the network_security_config.xml file added in the next step.

<application android:name="AppName"
    android:icon="@mipmap/ic_launcher"
    android:label="@string/app_name"
    android:networkSecurityConfig="@xml/network_security_config">

Add network_security_config.xml file

Add this file to your res/xml resource folder

<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

This adds user-installed certificates (such as the Charles one) to the trusted sources, which is how it worked before Android 7. So on Android 7, your App’s SSL traffic is proxy-able again.

Enable SSL Proxy in Nougat for debug only

The above setting works, but it applies to every build of your App, release included, which defeats the purpose of Google adding this security feature in Android Nougat.

So to take advantage of this feature, you might want to make your SSL traffic proxy-able in debug mode only.

You still follow step one above, but change the content of network_security_config.xml to the below

<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

With this, only debug builds (where android:debuggable is true) override the permitted certificate sources to include user-installed certificates.
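A check that could run in CI against network_security_config.xml to confirm that user-installed certificates are trusted only under debug-overrides, and never in a section that also applies to release builds. This is an added example, not code from the original post; the function name user_ca_findings and the sample XML strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the first config in the article.
BASE_CONFIG = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""

# The debug-only variant from the article differs only in the wrapping element.
DEBUG_ONLY = BASE_CONFIG.replace("base-config", "debug-overrides")


def user_ca_findings(xml_text):
    """Return the sections that trust user-installed CAs in every build.

    <debug-overrides> is skipped because the platform applies it only when
    the app is debuggable. <domain-config> can nest, so the walk recurses.
    """
    findings = []

    def walk(node, path):
        for child in node:
            if child.tag == "debug-overrides":
                continue
            label = f"{path}/{child.tag}"
            if child.tag == "domain-config":
                domains = [d.text.strip() for d in child.findall("domain") if d.text]
                label += "[" + ",".join(domains) + "]"
            if child.tag == "certificates" and child.get("src") == "user":
                findings.append(path)
            walk(child, label)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for name, text in (("base-config", BASE_CONFIG), ("debug-only", DEBUG_ONLY)):
        hits = user_ca_findings(text)
        print(name, "FAIL " + ", ".join(hits) if hits else "ok")
```

A non-empty result means a release build would also accept a proxy's user-installed certificate, so the build can be failed on it.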

Voilà! Now you can use Charles on your App’s SSL traffic on Nougat!
