export .0 cert file for rooted android devices

Open andforce opened this issue 1 year ago • 6 comments

Description

We would like to add a feature on Mac to “Export certificates in .0 format.”

The current process is somewhat complex. I have to first download the certificate in .pem format on my phone and then convert it to .0 format.

For reference on how to convert a .pem certificate to .0 format, please check: https://blog.csdn.net/haduwi/article/details/125696208

Why this feature/change is important?

I know that Proxyman currently offers a solution for exporting certificates in .pem format, but this process is a bit cumbersome. For rooted Android devices, there is actually a simpler way to capture network traffic:

After exporting the certificate in .pem format, you can use the following command:

openssl x509 -subject_hash_old -in CERT.pem

This command will output a filename on the first line. Rename the file with a .0 extension.

Then, push the renamed file to the /system/etc/security/cacerts/ directory on the phone. This will allow you to capture network traffic easily without needing to configure res/xml/network_security_config.xml in your app.

andforce avatar Aug 29 '24 10:08 andforce
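
What `-subject_hash_old` computes in the conversion step described in the post above, as an added example (not Proxyman's code and not part of the original thread): the MD5 of the certificate's DER-encoded subject name, with the first four bytes read little-endian and printed as eight hex digits. The function names are hypothetical, and the sample is a constructed DER skeleton, not a validly signed certificate.

```python
import base64, hashlib, re

def read_tlv(der, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_der(cert_der):
    """Full DER encoding (header included) of the certificate's subject Name."""
    _, pos, _ = read_tlv(cert_der, 0)      # enter Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # enter tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(4):                     # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert_der, pos)
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def android_ca_filename(pem_text):
    """File name expected in /system/etc/security/cacerts/: <subject_hash_old>.0"""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    digest = hashlib.md5(subject_der(der), usedforsecurity=False).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

# --- constructed sample: a DER skeleton, not a validly signed certificate ---
def tlv(tag, value):                       # short-form lengths only (< 128 bytes)
    return bytes([tag, len(value)]) + value

def name(cn):                              # Name with a single commonName (2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

SAMPLE_SUBJECT = name(b"Example Proxy CA")
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
                 + name(b"Example Issuer") + tlv(0x30, b"") + SAMPLE_SUBJECT)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(tlv(0x30, SAMPLE_TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(android_ca_filename(SAMPLE_PEM))
```

For a real exported certificate, the result should match the first line printed by `openssl x509 -subject_hash_old -in CERT.pem`, followed by `.0`.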

You should use the Automatic Script for Android Emulator: https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator

It does everything you mentioned in 1 click

NghiaTranUIT avatar Aug 29 '24 10:08 NghiaTranUIT

> You should use the Automatic Script for Android Emulator: https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator
>
> It does everything you mentioned in 1 click

The core issue is not that installing the certificate is complicated, but rather that after installing the certificate, you still need to configure res/xml/network_security_config.xml. This means you can’t capture traffic from apps developed by others because you can’t add a new network_security_config.xml to someone else’s app. However, if a certificate file in .0 format is provided, we can capture traffic from all apps installed on the Android phone, not just the ones we developed.

andforce avatar Aug 30 '24 01:08 andforce

I understand it works with the rooted Android device

You can export the PEM file in the Certificate menu -> Export and manually convert it to a .0 cert

NghiaTranUIT avatar Aug 30 '24 01:08 NghiaTranUIT

May I ask @andforce: does your approach (.0 cert) work with a normal Android Emulator (which is launched from Android Studio)?

I'd like to get rid of this res/xml/network_security_config.xml

NghiaTranUIT avatar Aug 30 '24 01:08 NghiaTranUIT

> I understand it works with the rooted Android device
>
> You can export the PEM file in the Certificate menu -> Export and manually convert it to a .0 cert

I’m currently manually converting certificates into .0 format, which allows for perfect packet capture, but the process is a bit complex.

andforce avatar Aug 30 '24 02:08 andforce

> May I ask @andforce: does your approach (.0 cert) work with a normal Android Emulator (which is launched from Android Studio)?
>
> I'd like to get rid of this res/xml/network_security_config.xml

Here’s a simple explanation of why a .0 certificate can bypass the need for res/xml/network_security_config.xml to capture traffic from all apps:

In the Android system, whether it’s an emulator or a physical device, system certificates are stored in /system/etc/security/cacerts/ :

emu64a:/system/etc/security/cacerts # ls
01419da9.0  1e8e7201.0  302904dd.0  3c899c73.0  5046c355.0  5fdd185d.0  76579174.0  86212b19.0  9339512a.0  
...
99e1b953.0  ab5346f4.0  b872f2b4.0  c491639e.0  d16a5865.0  d96b65e2.0  e48193cf.0  f0cd152c.0

These are system-type certificates trusted by the system. So, if we can find a way to place the .0 certificate file into this directory, it will be trusted by the system, allowing us to capture traffic from all apps.

andforce avatar Aug 30 '24 02:08 andforce

@andforce you should try this Beta build: https://github.com/ProxymanApp/Proxyman/issues/2250#issuecomment-2647407568

Proxyman can install the certificate to the system-level store.

NghiaTranUIT avatar Feb 10 '25 09:02 NghiaTranUIT