In Android 7.0, Google introduced changes to the way user Certificate Authorities (CA) are trusted. These changes prevent third-parties from listening to network requests coming out of the application: More info:
- https://developer.android.com/training/articles/security-config.html
- http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html
This script injects into the APK network security exceptions that allow third-party software like Charles Proxy/Fiddler to listen to the network requests and responses of some Android applications.
Download the script and the XML file and place them in the same directory.
- APKTOOL is not needed anymore.
You will need apktool and the Android SDK installed
I recommend using brew on Mac to install apktool:
brew install apktool
- Update line 52 with your username in addSecurityExceptions.sh
The script take two arguments:
- APK file path.
- keystore file path (optional - Default is: ~/.android/debug.keystore )
./addSecurityExceptions.sh myApp.apk
or
./addSecurityExceptions.sh myApp.apk ~/.android/debug.keystore