CODEWITHSUNDEEP
androidcharles-proxy
Caleb Ruzicka
Caleb Ruzicka

Reputation: 21

Android 11 SSL handshake fails when using Charles Proxy

Unable to use Charles Proxy with Android devices since the update to 11. I've read the Configure CAs for debugging page and verified that the app I'm testing is set up per their instructions. This isn't a problem with iOS running the same app. It seems to only be an Android issue.

I can access the internet when proxying through Charles on Android which to me means the connection is good but when I go to use the app that's when things start to fail.

I'm mostly wondering if anyone else is experiencing this issue? If I can isolate my experience I can hopefully use that rationale to get this issue fixed.

Upvotes: 2

Views: 18980

Answers (2)

HduSy
HduSy

Reputation: 57

try to change the 'xxx.pem' to 'xxx.cer', and reinstall

Upvotes: 0

Noah Tran
Noah Tran

Reputation: 3594

From Android 11, or later, there are new configs in order to make Charles Proxy work:

  1. Verify that you install & trust Charles Proxy certificate. You can verify in Settings app -> Security -> Encryption & Credentials -> Trusted Credentials -> User Tab => Make sure Charles Proxy is loaded.

  2. You're only able to intercept SSL Proxying from your own app, not other apps.

  3. In your source code, add res/xml/network_security_config.xml

<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>
    
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <domain-config>
        <!-- Make sure your URL Server here -->
        <domain includeSubdomains="true">your_production_domain</domain>
        <trust-anchors>
            <certificates src="user"/>
            <certificates src="system"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

=> Replace your_production_domain with your working domain.

  1. Add to AndroidManifest.xml
<manifest>
    <application android:networkSecurityConfig="@xml/network_security_config">
    </application>
</manifest>

Read more at https://docs.proxyman.io/debug-devices/android-device

Upvotes: 11

Related Questions