Interface testing practice | What to do if the higher version of Android cannot capture HTTPS


In interface testing, I believe many people have run into the problem that packets cannot be captured on newer versions of Android (Android 7.0 and above).

Since it was inconvenient to analyze and locate the problem during the testing process, I wanted to ask my development classmates for help. As a result, the developer also said that he couldn’t do it, so I had to solve it myself.


Problem Analysis

The cause of the problem is analyzed as follows:

  • Problem: packets can be captured on Android 6.0 and below, but not on Android 7.0 and above;
  • Reason: Android 7.0+ versions have added certificate verification, so apps no longer trust user-installed certificates by default as before;

Refer to the online information to get the following solution:

Solution 1

  1. Create an xml folder under the res directory of the Android project, and then create a file named "network_security_config.xml" inside it:

        <network-security-config>
            <base-config cleartextTrafficPermitted="true">
                <trust-anchors>
                    <certificates src="system" overridePins="true" />
                    <certificates src="user" overridePins="true" />
                </trust-anchors>
            </base-config>
        </network-security-config>

  2. In the <application> tag in AndroidManifest.xml, add the attribute:

        android:networkSecurityConfig="@xml/network_security_config"

Then recompile and repackage the app to capture packets, which is also very convenient for developers. However, because I am testing an enterprise WeChat applet, it is simply a daydream to ask the developers of enterprise WeChat to help me do this, not to mention security issues...
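The security issue with Solution 1 is that a base-config trusting user-installed CAs applies to release builds too. As an added example (not from the original article or any project it mentions), this Python check could run over res/xml/network_security_config.xml before release; both sample configs are constructed here, the second uses Android's `<debug-overrides>` element so user CAs are trusted only in debuggable builds, and the `audit` function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample 1: the configuration from Solution 1 on this page.
PAGE_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" overridePins="true" />
      <certificates src="user" overridePins="true" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed sample 2: user CAs are trusted only when android:debuggable="true".
DEBUG_ONLY_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system" />
    </trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""


def audit(xml_text):
    """Return (scope, issue) findings for settings that weaken TLS in release builds."""
    findings = []
    root = ET.fromstring(xml_text)
    for section in root:
        # debug-overrides is ignored by Android in non-debuggable builds, so skip it.
        if section.tag == "debug-overrides":
            continue
        scope = section.tag  # base-config or domain-config
        for node in section.iter():  # includes the section element itself
            if node.get("cleartextTrafficPermitted") == "true":
                findings.append((scope, "cleartext traffic permitted"))
            if node.tag == "certificates":
                if node.get("src") == "user":
                    findings.append((scope, "user-installed CAs trusted"))
                if node.get("overridePins") == "true":
                    findings.append((scope, f"pins overridden for src={node.get('src')}"))
    return findings
```

Run against the two samples, the Solution 1 config produces four findings and the debug-only variant produces none.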

Solution 2

The problem can be solved by finding an Android device or emulator with a version lower than 6.0 or equal to 6.0. However, considering that this is only a temporary solution and not a permanent one, the company itself does not have such a device, and the emulators we found are all Android 7.0, so we directly gave up this solution.

Then I had to find a developer again. After studying for a long time, the developer told me that my iOS can capture packets, but I don’t know about Android. For a moment, I wanted to flip the table...


I had to ask my test development classmates for solutions:

  1. Use Solution 1
  2. Use another tool, such as Fiddler, or BurpSuite, etc. (This attempt still doesn't work)
  3. Go directly to NG to intercept, but part of what I need to capture is a third-party interface (the front is already high energy, this road is blocked)

Finally, I was still unwilling to give up, so I continued to search for various information. Finally, my hard work paid off and I found the final solution that met the requirements.

Final Solution

Charles + VirtualXposed + JustTrustMe

Implementation steps

Go to GitHub and download the following two packages

  • VirtualXposed: https://github.com/android-hacker/VirtualXposed
  • JustTrustMe: https://github.com/Fuzion24/JustTrustMe

Step 1

Use the following adb commands to install the two packages respectively:

        adb -s R3J6R19B20004228 install VirtualXposed
        adb -s R3J6R19B20004228 install JustTrustMe

Step 2

After the installation is complete, enter the VirtualXposed apk application and click on the 6 dots to enter the settings page.

Step 3

Enter the settings page, click Module Management, and check JustTrustMe (of course I didn’t find it, maybe my version doesn’t need to be selected manually, it is automatically recognized after installation). After restarting, we re-enter the settings page and add the application we need to capture. I choose Enterprise WeChat as an example.

Step 4

Click Add Application and select the software you want to capture and install:

Configure Charles to capture packets

I will not explain here how to set up the Charles proxy. I believe you can solve that by yourself. In the Wi-Fi settings of your phone, change the proxy to manual and enter the IP and port (8888 by default). Please note that the phone and computer should be on the same Wi-Fi network.

Step 6

Go back to VirtualXposed, swipe up to unlock, open the enterprise WeChat we installed earlier, and you will find that Charles has successfully captured the HTTPS data packet of Anjuke:

Summary

When encountering problems/bugs in testing work, people often get very annoyed and panicked, and at a loss. However, as a qualified tester, when encountering things, you still have to strive to be "unmoved by the collapse of Mount Tai in front of you, and unblinking by the rise of a deer on your left" (show your literary talent ~). Even if the development team gives up, you can still remain calm, which shows the true qualities of a test hero!

There is no shortcut to technical advancement, the only way is to accumulate step by step, step by step, and persist in going forward. Although this problem took several twists and turns, after I finally solved it, the developers looked at me differently, and I was more convincing when I reported bugs in the future.
