I am trying to debug an app on the Google Play Store so that I can see the requests that it is sending out. I've set up Charles Proxy on my computer to help me do so, but I am having issues with viewing requests sent out with HTTPS. My steps are listed below.
My Computer:
Manjaro Linux
My Phone:
Google Pixel 4a
Android 11
Not rooted
My Settings:
Using Charles v4.6.1
Proxy Settings
SSL Proxying Settings
My Access Control Settings contain my phone's IP.
My Phone Settings:
Proxy Settings
Certificate
Here are my steps to allow the app to use SSL through Charles:
<network-security-config>
inside the network security xml.
<debug-overrides>
    <trust-anchors>
        <certificates src="user"/>
    </trust-anchors>
</debug-overrides>
I do not get any errors at any step through this list.
Here is a screenshot of my view in Charles.
Thank you in advance, and please let me know if you need any more details.
Your network config there is within <debug-overrides>, which only applies for debug builds. Did you build the application in debug mode, or for production? If you don't build in debug mode then that config won't apply.
You probably want to use <base-config> instead, which applies to all builds, not just debug builds. There's a full example here: https://httptoolkit.tech/docs/guides/android/#if-you-dont-have-a-custom-network-security-config.
If that doesn't work, then it's likely that there's some certificate pinning in place in the application code itself, independent of the network security settings. To fix that you'll need to manually edit the code itself. You can also try using https://github.com/shroudedcode/apk-mitm which has a selection of automated patches that disable many common manual pinning implementations for you.
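As an added example (not part of the question or the answer above), this Python sketch works out which CA sources a build trusts under a given network security config, which shows why a user CA listed only in <debug-overrides> is ignored by a non-debuggable build. Both XML samples are constructed, target_sdk=30 is an assumed value for the app, and nested <domain-config> elements are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's fragment wrapped in a root element.
DEBUG_ONLY = """<network-security-config>
  <debug-overrides>
    <trust-anchors><certificates src="user"/></trust-anchors>
  </debug-overrides>
</network-security-config>"""

# Constructed sample: user CAs trusted through <base-config> instead.
BASE_CONFIG = """<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system"/><certificates src="user"/></trust-anchors>
  </base-config>
</network-security-config>"""


def anchor_sources(elem):
    """Return the src values under elem's <trust-anchors>, or None if absent."""
    anchors = elem.find("trust-anchors") if elem is not None else None
    if anchors is None:
        return None
    return {c.get("src") for c in anchors.findall("certificates")}


def effective_trust(xml_text, debuggable, target_sdk=30):
    """Map each scope ('*' = base config) to the CA sources the build trusts."""
    root = ET.fromstring(xml_text)
    # Platform default when <base-config> declares no trust anchors.
    default = {"system"} if target_sdk >= 24 else {"system", "user"}
    base = anchor_sources(root.find("base-config"))
    base = default if base is None else base
    trust = {"*": set(base)}
    for dc in root.findall("domain-config"):  # nested domain-configs ignored
        srcs = anchor_sources(dc)
        srcs = base if srcs is None else srcs  # inherit from the base config
        for dom in dc.findall("domain"):
            trust[(dom.text or "").strip()] = set(srcs)
    if debuggable:  # <debug-overrides> anchors are added only when debuggable
        extra = anchor_sources(root.find("debug-overrides")) or set()
        trust = {scope: srcs | extra for scope, srcs in trust.items()}
    return trust


if __name__ == "__main__":
    for name, cfg in (("debug-overrides", DEBUG_ONLY), ("base-config", BASE_CONFIG)):
        for dbg in (False, True):
            print(name, "debuggable" if dbg else "release", effective_trust(cfg, dbg))
```

For app developers the same check works in the other direction: a release build whose '*' scope includes "user" accepts any CA installed on the device.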