Question
I'd like to view the https traffic from my app.
I installed fiddler on my pc and downloaded the certificate to the device and can view https traffic from the browser.
But when I try my app - I get javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I believe the fiddler setup is correct as I can view https traffic from my phone browser.
Any help?
or other ways of doing the same.
I know from running java apps on the desktop - you can specify the proxy ip+port to the java vm - maybe something similar needs to be done on the device.
I was able to set up the emulator for http traffic - but https doesn't work - I installed the fiddler cert on the emulator also. Using Android 29.
Answer 1:
Installing the certificate into the system trust store on the device that is running Android 6 or newer requires root permissions to work properly in all apps.
Without root permissions you can only install the certificate into the "user" trust store, which is ignored by apps that have a targetSdkVersion set to 23 and higher.
Fortunately in your case we are talking about your own app which opens up a door to intercept traffic with Fiddler without root permissions:
In your app you have to provide a Network Security configuration file.
In that file you have two options:
Explicitly trust the user trust store:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
Include your Fiddler root CA certificate
You can include the Fiddler root CA certificate into your app and define that it should be trusted in debug builds (add the Fiddler root CA certificate file as raw resource debug_fiddler_root):
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_fiddler_root"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
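Added example (not part of the original answer): a small Python check that takes the two configurations above as constructed inputs and reports which trust anchors beyond the system store would remain active in a release build. It relies on the documented behaviour that debug-overrides applies only when the app is debuggable, while base-config and domain-config apply to every build; the function names audit and release_safe are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the two configurations from the answer above.
TRUST_USER_STORE = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""

DEBUG_ONLY_CA = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_fiddler_root"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""


def audit(config_xml):
    """Return (scope, src) for every trust anchor other than the system store."""
    root = ET.fromstring(config_xml.encode("utf-8"))
    findings = []
    for section in root:
        # <debug-overrides> is honoured only when android:debuggable is true;
        # <base-config> and <domain-config> also apply to release builds.
        scope = "debug" if section.tag == "debug-overrides" else "release"
        for cert in section.iter("certificates"):
            src = cert.get("src", "")
            if src != "system":
                findings.append((scope, src))
    return findings


def release_safe(config_xml):
    """True when no extra trust anchor would be active in a release build."""
    return not any(scope == "release" for scope, _ in audit(config_xml))


if __name__ == "__main__":
    for name, text in (("user store", TRUST_USER_STORE), ("debug CA", DEBUG_ONLY_CA)):
        print(name, audit(text), "release-safe:", release_safe(text))
```

Run against a project's own configuration file before a release build, a False result from release_safe means a proxy CA or the user store is still trusted outside debug builds.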
Source: https://stackoverflow.com/questions/61159958/intercepting-app-https-traffic-on-android-device