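Capturing HTTPS with Charles on Android 7.0 and above

The problem

Starting with Android 7, Google changed the security policy: CA certificates added by the user are no longer trusted for secure connections, which means the Charles certificate you installed yourself is of no use. When we try to capture HTTPS traffic, the following problem appears.

The device also produces the following log: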

2019-02-11 14:27:12.232 8913-8954/? W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2019-02-11 14:27:12.232 8913-8954/? W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
2019-02-11 14:27:12.232 8913-8954/? W/System.err:     at com.android.okhttp.Connection.connectTls(Connection.java:235)
2019-02-11 14:27:12.232 8913-8954/? W/System.err:     at com.android.okhttp.Connection.connectSocket(Connection.java:199)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:172)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.example.android.sdk.http.HttpRequest.execute(HttpRequest.java:73)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at com.example.android.sdk.http.HttpRequest$1.run(HttpRequest.java:110)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
2019-02-11 14:27:12.233 8913-8954/? W/System.err:     at java.lang.Thread.run(Thread.java:761)
2019-02-11 14:27:12.235 8913-8954/? W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:508)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
2019-02-11 14:27:12.235 8913-8954/? W/System.err:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
2019-02-11 14:27:12.236 8913-8954/? W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
2019-02-11 14:27:12.236 8913-8954/? W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
2019-02-11 14:27:12.236 8913-8954/? W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2019-02-11 14:27:12.236 8913-8954/? W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
2019-02-11 14:27:12.236 8913-8954/? W/System.err: 	... 16 more
2019-02-11 14:27:12.236 8913-8954/? W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2019-02-11 14:27:12.236 8913-8954/? W/System.err: 	... 28 more

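Solution 1

This method is for non-rooted devices; see the official Android documentation at developer.android.com/training/ar… Its limitation is that it can only capture traffic from your own app, not from third-party apps, and it is cumbersome to set up.

Solution 2

This is the method this article is mainly about, a once-and-for-all approach: install the Charles certificate as a system certificate.

1. Make sure the phone is rooted

I won't go into how to root the device here.

2. Download the certificate

Following Charles's Help, browse to chls.pro/ssl to download the certificate. You can download it on the device and then adb pull it to your computer, or download it directly with your computer's browser.

3. Rename the certificate

System certificates live in the directory /system/etc/security/cacerts/, where we see the following.

Each certificate there is named <Certificate_Hash>.<Number>: the file name is a hash value and the extension is a number. The numeric extension prevents file name collisions; for example, if two certificates produce the same hash, one can be given the extension 0 and the other the extension 1.

We compute the hash of the certificate file with the following command:

openssl x509 -subject_hash_old -in <Certificate_File>

4. Upload the certificate

We adb push the renamed certificate to /sdcard/Download, then copy it into the /system/etc/security/cacerts/ folder.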

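If the problem above occurs, we need to remount the system partition read-write with the command mount -o rw,remount /system.
If that still fails, run the following commands in order: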

adb root
adb disable-verity
adb reboot
adb remount
adb shell
mount -o rw,remount /system

After copying, change the file's permissions to 644 and reboot the device.
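
Steps 3 and 4 as one script, added here as an example and not part of the original article: it derives the <Certificate_Hash>.<Number> name, picks the first unused numeric suffix, and then copies the file as described above. The function names, the file names charles.pem and install_ca.sh, the local ./cacerts mirror directory, and the assumption that adb shell already runs as root are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): name and install a CA
# certificate following the <Certificate_Hash>.<Number> rule.
# Function names and the local mirror directory are assumptions.

# Old-style subject hash of a PEM certificate. -noout suppresses the
# PEM dump that openssl otherwise prints after the hash.
subject_hash_old() {
    openssl x509 -inform PEM -subject_hash_old -noout -in "$1"
}

# Print the first unused "<hash>.<n>" in directory $2 for hash $1.
# The suffix only separates certificates whose hashes collide.
next_cacert_name() {
    cert_hash=$1; store_dir=$2; n=0
    while [ -e "$store_dir/$cert_hash.$n" ]; do
        n=$((n + 1))
    done
    printf '%s.%s\n' "$cert_hash" "$n"
}

# Copy PEM file $1 into $2 under its store name, mode 644; print the path.
# $2 is assumed to be a local copy of the device store, e.g. from
#   adb pull /system/etc/security/cacerts/ ./cacerts
stage_cert() {
    h=$(subject_hash_old "$1") || return 1
    [ -n "$h" ] || return 1
    name=$(next_cacert_name "$h" "$2")
    cp "$1" "$2/$name" && chmod 644 "$2/$name" && printf '%s\n' "$2/$name"
}

# Push staged file $1 to the device and copy it into the system store.
# Assumes "adb shell" already runs as root (for instance after "adb root").
install_on_device() {
    name=$(basename "$1")
    store=/system/etc/security/cacerts
    adb push "$1" /sdcard/Download/ || return 1
    adb shell "mount -o rw,remount /system \
        && cp /sdcard/Download/$name $store/$name \
        && chmod 644 $store/$name" || return 1
    adb reboot
}

# Usage (hypothetical file names): sh install_ca.sh charles.pem ./cacerts
if [ "$#" -eq 2 ]; then
    staged=$(stage_cert "$1" "$2") && install_on_device "$staged"
fi
```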

5. Verify the result

Under Settings > Security > Trusted credentials, we can see the following.

In the HTTPS capture, we can see the following.
