I am trying to proxy my phone running Android 7.1.2, to look at the gets and posts made through an app I'm working with. Using CharlesProxy 4.1.4, this is easily possible for iOS devices. However, the app functions differently on Android, and we want to know how.
I have configured my device to connect to Charles by entering the IP and Port, followed by navigating to chls.pro/ssl to get the CA certificate. Even on chrome, the certificate downloaded and installed without fault. I can see calls coming into Charles, but I cannot see any content of the call. Instead, it is listed as <unknown> stating SSLHandshake: Received fatal alert: certificate_unknown.
Is there another way I can actually trust this certificate? Or is there another way to successfully allow SSL with Android? Again, all of my settings work fine with iOS devices, so I do not need examples for that OS.
Thanks
As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.
In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.
Add a file res/xml/network_security_config.xml to your app:
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Then add a reference to this file in your app's manifest, as follows:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="#xml/network_security_config" ... >
...
</application>
</manifest>
Refer to: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
Related
I have installed charles proxy Certificate on Android Samsung tabA7.
Followed the steps:https://community.tealiumiq.com/t5/Tealium-for-Android/Setting-up-Charles-to-Proxy-your-Android-Device/ta-p/5121
When i launch the app on device, Charles Web proxy display the API responses as Unknown Kindly let me know how to resolve this issue and view the actual response.
If you have created the app you need to modify the manifest of Android app otherwise it won't work as Applications don't allow it by default.
Refer Charles documentation: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
Android:
As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.
Add a file res/xml/network_security_config.xml to your app:
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Then add a reference to this file in your app's manifest, as follows:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="#xml/network_security_config" ... >
...
</application>
</manifest>
Disclaimer: this looks incredibly the same as Ionic Native HTTP does not work for Anroid 9 (Pie) and up? but it isn't!
We are facing an incredibly strange and hard problem after updating our app today.
We are mantaining an Ionic v1 app for Android. It uses Cordova-Android 7. Today when we were uploading a new update to the play store we found a restriction forcing us to target SDK starting from 28. We added <preference name="android-targetSdkVersion" value="28" /> to the config.xml file, re-built the app, tested on some smartphones and uploaded it. After distribution, we found that all network communication is failing on Android 9 devices. We were sure that this would be the popular cleartext error, so we changed all URLs to HTTPS. But the problem persisted. Then we build the app again but with the debuggable attribute on the manifest so we could inspect the app and see the errors, and we discovered that if we switch the debuggable feature on, the error doesn't happen - we are just adding it to the manifest, we are still building with the --release flag.
So, the final scenario is:
http requests fail only after targeting SDK 28, only on Android 9 devices, and only if the app is built with --release flag and we don't put the debuggable attribute on the manifest
if we change any point above error disappears so no way to debug
app is using https on all requests
when the app fails, requests don't reach the server, we already watched at that
So what the hell may be failing here?
Finally it seemed to be a somewhat kind of cleartext error teorically out of any specification. Our discovery was that adding
<edit-config file="AndroidManifest.xml" mode="merge" target="/manifest/application">
<application android:usesCleartextTraffic="true" />
</edit-config>
to the android platform tag on the config.xml file solved the problem. So we can assure that on our Ionic 1 + Cordova-Android 7 + Cordova CLI 8 + Ionic CLI 4 + HTTPS + non debuggable production build scenario, HTTPS requests were interpreted as cleartext requests and thus blocked until we statedly allowed them.
I don't know if I ask this in the right place. I Ask it on global furum but didn't get any response.
I have an app that run well on an droid. I want to build it on UWP as well. I have been able to build the app and make it run but some plug-in that use native resource do not work.
For one, native storage,
the second I notice by now is network resource (HTTP request and websocket client).
Those was working well under android. e.i.:
getData(): Observable<AlarmData> {
return this.http.get<AlarmData>(this.server.url() + '/ajax_alarms');
}
I have seen that UWP need some certificate, I found in my app at least one related to network:
<Capabilities>
<Capability Name="internetClient" />
</Capabilities>
But I have not found if and how should I add more...
I tested it on a windows10 machine,
ionic 4.0.6
Take a look on MS own sample:
https://github.com/Microsoft/Windows-universal-samples/tree/master/Samples/HttpClient
You have to allow the app to use a resource before you have access.
This morning I was able to capture https traffic on the version of Fiddler I had installed. I was prompted about a Fiddler update available. I clicked the "Next time" option. After closing fiddler and reopening a few minutes later the update was automatically installed (v4.6.20172.31233, 64-bit). Following that update, I am not able to take any traces from my iOS device. I am on a work computer capturing https traffic from my iPhone to monitor a mobile app.
It should also be noted that I'm unable to capture any traffic or visit any web pages on my iPhone when going through the IP and port 8888 setup with Fiddler. Seems like all data is blocked (even when I'm not attempting to capture https with a trusted certificate).
I have attempted a few things:
Went through these steps (which I had done months ago to originally setup fiddler), and it didn't resolve the situation: http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForiOS
I checked my Tools > Options and everything seems to be configured the same as it was previously.
I double, triple and quadruple confirmed that my iPhone's IP Address and port are correctly matching what fiddler shows when I hover the mouse over the "Online" icon. I confirmed that I'm on the same wifi network on both my laptop and iPhone.
I removed the trusted certificate from my iPhone, but could not download a new one because when I go to ipv4.fiddler:8888 the page does not load. "Safari cannot find the page" and neither can Chrome (from my iPhone). FiddlerMachineIP:8888 loads on my laptop browser, but not my iPhone browser. (I didn't post full http:// links on this post because I have a new stack overflow account and it won't let me yet)
I downloaded the certificate plugin for iOS once more.
I reset my Fiddler Root Certificate by selecting Tools > Options > HTTPS tab > Actions > Reset All Certificates.
I attempted step 4 above again, no success
I closed and reopened fiddler multiple times between each step to restart it, but no success.
Restarted my laptop and iPhone (because why not?)
Do you have any suggestions for what else I can try? Any help is much appreciated. The only thing that was changed was the version of Fiddler. After that, I attempted to run through all the steps above. Currently I'm in a situation where I cannot download the certificate to trust on my iPhone. I don't know what is preventing me from doing that step.
Edit: I reinstalled fiddler and went through all the setup pages. It didn't seem to fix the situation. My phone for some reason will not load the page necessary to download the certificate (ipv4.fiddler:8888)
Try checking the certificate's full trust settings at Settings > General > About > Certificate Trust Settings. Make sure the DO_NOT_TRUST_FiddlerRoot is enabled for full trust.
Disable Windows Firewall and try again. I faced the same problem, and it helped.
I have a sencha touch example application which works fine on browser (using sencha web start) and iOS and Android simulators (built with phonegap and launched using sencha app build -run native).
I made few changes and was testing in browser alone, unfortunately. When I finally launched the app in simulators, app does not launch. I do not see the main view corresponding screen. It shows a blank screen on app launch. Application works fine in simulator browser as well. App based launch alone fails.
How do I troubleshoot the app failures on simulator? Are there any logs I need to look at? Have no clue.
I have Sencha Touch 2.3.1 and Sencha Cmd v4.0.4.84 on ubuntu OS.
No IDE as of now.
UPDATE
Was able to narrow it down to the store problem. I am trying to launch the First App in sencha docs. Store is making ajax call to googleapis. Not sure if this is causing the problem. I changed this to use local store and app launch worked fine. No idea why app is not able to get the data from googleapis. Simulator browser is able to get the data but just not the app.
As mentioned in the update, app tried to access google api url to get the json data. config.xml in project's root folder prevented access to external domains. As a result app failed to render the view. Fixing it as mentioned in Error: Whitelist rejection in Phonegap to allow required domains worked.
<!--
Define access to external domains.
<access /> - a blank access tag denies access to all external resources.
<access origin="*" /> - a wildcard access tag allows access to all external resource.
Otherwise, you can specify specific domains:
-->
<access origin="http://127.0.0.1*"/> <!-- allow local pages -->
Change <access origin= to <access origin="*"/> to allow all domains or use your specific domains.