Implement the root certificate of mobile installation (system certificate) and use drony to solve the problem that some common proxy applications cannot grab packages


Android Certificates are divided into "User Certificate" and "System Certificate", which are set in->security->"View Security Certificate"In the list, you can see two lists, System and User. Users can download and install through the browser or through WLAN Advanced settings install certificates that are user certificates.

Two considerations for certificates

(1)Installation of a user certificate requires an open password to be set and cannot be cancelled unless all user certificates are deleted first. If installed as a system certificate, an open password is not required and automation is more convenient.
(2)Android 7 Above Version APP By default, user certificates are not trusted, system certificates are only trusted, installed as user certificates, and APP Of HTTPS Capturing packages will fail. Install as a global certificate to be owned by all APP Trust before proceeding HTTPS Grab a bag.

By default, for Android 7.0+ (API level 24+) Applications no longer trust what users or administrators add CA Certificate for secure connection. (Previously, we actually installed the security certificate on the Android phone as a user trust security certificate, the new version if APP A request to set up our proxy is considered unsafe.)
Android The storage location of the system certificate is/system/etc/security/cacerts,Certificate file must be PEM Format and file naming must conform to system certificate specifications

Through the instructions, we understand that many applications will not be able to grab packages because many applications have ssl or check agent's anti-grabbing measures, so it will be impossible to grab packages at this time. The answer is of course not.
There are still such articles on the Internet, but it always takes a lot of articles to find a solution to the problems encountered, so in view of this situation, I write this article as my own, in order to avoid using it in the future.

This article lists the Night God simulator (because there is no root on hand)
Take fiddler4 as an example for the package capture tool
Take Windows 10 as an example for computer devices

I. Preparations

1. Prepare a mobile phone that is already root ed (this paper takes Night God simulator as an example)
2. Install ADB and OpenSSL on your computer (I don't mind leaving links if Aliyun supports sharing this kind of things, because it's still a simple environment to install, so don't leave tutorials and links, just Baidu by itself)
3. fiddler4 is installed on your computer

2. Install Root Certificate Process

  1. fiddler export CERs

    Open fiddler, select Tools in the navigation bar, select Options, then select the HTTPS card, click Actions on the right, and select the second certificate everywhere to the desktop

Note that there are two ticks to grab HTTPS traffic

  1. CerCertificate to pem cer tificate
    cmd needs to enter the directory where CERs are located
openssl x509 -inform der -in FiddlerRoot.cer -out FiddlerRoot.pem

Or enter with a certificate path, where youname refers to a user name such as zhangsan

openssl x509 -inform der -in C:\Users\youname\Desktop\FiddlerRoot.cer -out FiddlerRoot.pem
  1. Rename hash value for certificate calculation and pem certificate
openssl x509 -inform PEM -subject_hash -in FiddlerRoot.pem -noout

Will output a hash value

Here's a format mentioned in another blog
Blog Links.

#PEM or DER formats are available

#If in PEM format:
In: openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.pem -noout
out: c8750f0d

# If in DER format:
In: openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer -noout
out: c8750f0d

  1. Assign a hash value and rename the xxx.pem certificate to a hash value suffix of 0 (e.g. c8750f0d.0)

  2. adb connects mobile phone

    Check if your computer is successfully connected to your mobile phone

    adb devices -l #Display all connected device details:
    Run the following command to connect if not connected
    adb connect #Default Port 

    Connection success status

  3. adb pushes certificates to sdcard directory

    #Incoming mobile phone, reminds Xiao Bai to pay attention to the source file (that is, xxxx/xxx/c8750f0d.0) directory problem
    adb push c8750f0d.0 /sdcard
  4. adb shell modifies system directory permissions (to avoid Read-only file system errors when adb push occurs)

    • Enter cmd

    • adb remount

    • adb shell

    • su or # (get root rights on your phone)

    • #The mount system directory is writable (so this method is not available, modify the system permissions directly with the command below)
      mount -o rw,remount /

    • chmod 777 system

  5. Move the certificate to the directory (/system/etc/security/cacerts/)
    Move the certificate to the destination directory immediately after modifying the system permissions above

    mv /sdcard/c8750f0d.0 /system/etc/security/cacerts

9. #Modify Certificate Permissions

chmod 644 /system/etc/security/cacerts/c8750f0d.0

If not, a system certificate has been installed on your phone

Check for success:
Mobile Settings - Security - Credential Storage - Trusted Credentials (Trusted CA Certificates)
Note that other certificates have different names

3. Install drony

Share links provided by netizens

English version Password: 68e1
Chinese version Password: 2b71

Instructions for use: Mobile phone wifi No generation required at{too}{filter}Management, Packaging Tool Generation{too}{filter}Native,Using the simulator during the test, the real machine needs to turn off all the computer firewalls before it can recognize the connection WiFi,Only partial app Available if app Two-way generation{too}{filter}Probably not

My Love Article Links

Droni_1.3.155 Google Store Edition: Extraction code: 45fi
My Love Article Links

Because the software method is the same, I pulled some pictures out of my love (invasion and deletion)

Finally, you can grab your bag happily

Because the night God simulator is used in this article, this time drony is configured from the simulator, it will not be able to go online (the real machine without root can go online). It used to be able to grab packages normally on the root. I don't know if it is a problem of the simulator or what, it is temporarily unresolved.
If a big man knows it, don't skip pointing

Leave a reference link at the end

Reasons and solutions for some APP s failing to proxy package snapping (flutter package)
Error in Read-only file system when adb push

Add a Mitmproxy certificate for Android (Night God Simulator)

Keywords: Android

Added by ultrasound0000 on Sun, 17 Oct 2021 19:29:04 +0300