Installing the Charles Root Certificate on Android 11 for Traffic Capture

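Before Android 7, installing the CA certificate in the user certificate store was enough. On Android 7 and above, only system-level certificates are trusted (an app can configure its own trust scope; by default it trusts only certificates in the system store), so to capture traffic normally the CA certificate has to be installed in the system certificate store.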

Prerequisites:

  • Charles installed on the computer (other capture tools work on the same principle)
  • A rooted phone
  • adb installed on the computer

Export the certificate

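Export the certificate (.pem format) to a local path under the name charles.pem, then open cmd in that directory. (The commands below refer to the exported file as cacert.pem.)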

1. Get the file name

> openssl x509 -inform PEM -subject_hash_old -in cacert.pem
faf57fe3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIGAXWqowQPMA0GCSqGSIb3DQEBCwUAMIGbMSwwKgYDVQQD
....
aXDrm30UE6+dWdQ3n0ePVLNcHV+ZrIqwka94M/t8HavZpm4y
-----END CERTIFICATE-----

Then rename cacert.pem to faf57fe3.0 (replace faf57fe3 with the hash your own command printed).

2. Edit the certificate contents (important!!!)

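Use the following command to print the certificate's text details, including its extensions. Without this step, the installed certificate shows no detailed information.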

> openssl x509 -inform PEM -in faf57fe3.0 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:76:ee:04:af:62
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = "Charles Proxy CA (11 Jan 2021, ACESHEEP)", OU = https://charlesproxy.com/ssl, O = XK72 Ltd, L = Auckland, ST = Auckland, C = NZ
        Validity
            Not Before: Jan  9 20:37:33 2021 GMT
            Not After : Jan  9 20:37:33 2022 GMT
        Subject: CN = "Charles Proxy CA (11 Jan 2021, ACESHEEP)", OU = https://charlesproxy.com/ssl, O = XK72 Ltd, L = Auckland, ST = Auckland, C = NZ
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:02:b1:62:11:c1:4d:f3:3f:2d:71:b8:e4:26:
                    ....
                    b0:fc:24:e5:c6:d9:cd:09:01:a8:8f:d4:8e:10:b8:
                    23:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Netscape Comment:
                ....This Root certificate was generated by Charles Proxy for SSL Proxying. If this certificate is part of a certificate chain, this means that you're browsing through Charles Proxy with SSL Proxying enabled for this website. Please see http://charlesproxy.com/ssl for more information.
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Subject Key Identifier:
                94:88:6E:5E:E4:17
    Signature Algorithm: sha256WithRSAEncryption
         8a:e4:47:c4:f2:ba:07:46:08:03:0c:91:94:c9:cf:b4:9c:73:
         ....
         ae:39:f3:a2

Paste this text after the end of the certificate to form the complete CA file.
Save the file as UTF-8 with LF line endings.

>cat faf57fe3.0

-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgIGAXbuBK9iMA0GCSqGSIb3DQEBCwUAMIGjMTQwMgYDVQQD
....
86I=
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:76:ee:04:af:62
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = "Charles Proxy CA (11 Jan 2021, ACESHEEP)", OU = https://charlesproxy.com/ssl, O = XK72 Ltd, L = Auckland, ST = Auckland, C = NZ
        Validity
            Not Before: Jan  9 20:37:33 2021 GMT
            Not After : Jan  9 20:37:33 2022 GMT
        Subject: CN = "Charles Proxy CA (11 Jan 2021, ACESHEEP)", OU = https://charlesproxy.com/ssl, O = XK72 Ltd, L = Auckland, ST = Auckland, C = NZ
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:02:b1:62:11:c1:4d:f3:3f:2d:71:b8:e4:26:
                    ....
                    b0:fc:24:e5:c6:d9:cd:09:01:a8:8f:d4:8e:10:b8:
                    23:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Netscape Comment:
                ....This Root certificate was generated by Charles Proxy for SSL Proxying. If this certificate is part of a certificate chain, this means that you're browsing through Charles Proxy with SSL Proxying enabled for this website. Please see http://charlesproxy.com/ssl for more information.
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Subject Key Identifier:
                94:88:6E:5E:E4:17
    Signature Algorithm: sha256WithRSAEncryption
         8a:e4:47:c4:f2:ba:07:46:08:03:0c:91:94:c9:cf:b4:9c:73:
         ....
         ae:39:f3:a2

Once the file has been combined like this, it can be imported to the phone.
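An added example (not part of the original post): a Python check to run on the prepared file before pushing it. It recomputes the value that `openssl x509 -subject_hash_old` prints (MD5 of the DER-encoded subject, first four bytes read little-endian) and checks the file name, the PEM-first layout, LF line endings and the absence of a BOM. The names `check_cacert_file`, `sample_cert` and the sample certificate are constructed for illustration.

```python
import base64, hashlib, re, struct

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_der(cert):
    """Slice the subject Name (tag and length included) out of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                          # optional explicit [0] version
        pos = end
    for _ in range(4):                       # serialNumber, signature, issuer, validity
        pos = read_tlv(cert, pos)[2]
    return cert[pos:read_tlv(cert, pos)[2]]

def subject_hash_old(cert):
    """MD5 of the subject DER; first four bytes, little-endian, as 8 hex digits."""
    return "%08x" % struct.unpack("<I", hashlib.md5(subject_der(cert)).digest()[:4])[0]

PEM = re.compile(rb"-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----", re.S)

def check_cacert_file(name, data):
    """Return the problems found in a prepared <hash>.0 file (empty list = OK)."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM at start of file")
    if b"\r" in data:
        problems.append("CR characters found; save with LF line endings")
    m = PEM.match(data.replace(b"\r", b"").removeprefix(b"\xef\xbb\xbf"))
    if not m:
        return problems + ["file does not start with a PEM certificate block"]
    expected = subject_hash_old(base64.b64decode(m.group(1))) + ".0"
    return problems + ([] if name == expected else [f"file name should be {expected}"])

# Constructed sample: an unsigned DER skeleton with a certificate's layout, not a real CA.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form lengths only (< 128 bytes)
def name_der(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
def sample_cert(issuer_cn, subject_cn):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name_der(issuer_cn) + tlv(0x30, b"") + name_der(subject_cn))
    return tlv(0x30, tlv(0x30, tbs))
```

For a real file, call `check_cacert_file(filename, open(path, "rb").read())` and compare the expected name it reports with the hash openssl printed.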

Import to the phone

Run the following adb commands to import the certificate into /system/etc/security/cacerts/

First, disable verity

>adb disable-verity
using overlayfs
Successfully disabled verity
Now reboot your device for settings to take effect

>adb reboot

If the development-build system comes with root built in:

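# First window
adb root
adb shell
su
mount -o rw,remount /system
# Open a second window and upload the certificate
adb push faf57fe3.0 /system/etc/security/cacerts/
# Once the second window has pushed the certificate, continue in the first window
chmod 644 /system/etc/security/cacerts/faf57fe3.0
reboot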

If the phone is rooted with Magisk:

adb push faf57fe3.0 /sdcard/
adb shell
su
mount -o rw,remount /system
mv /sdcard/faf57fe3.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/faf57fe3.0
reboot

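On the phone, go to Settings > Security > More security settings > Encryption & credentials > Trusted credentials, and find the newly installed certificate under System (I am using the MIUI 12 development build; the location may differ on other phones).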

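Original articles:
CA certificate installation method for traffic capture on Android 7 and above
The most complete solution to Charles mobile capture certificate problems (very detailed steps)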