不要在Android 9 Pie上使用代理 [英] Do not use proxy on android 9 pie

问题描述

我刚刚将Samsung Note 8手机升级到Android OS 9.0
当我进入高级wifi设置时，我选择手动使用代理模式。
主机：192.168.1.8
端口：8888
在计算机上，我打开了Fiddler软件以捕获数据包。但是，我无法捕获来自电话的任何数据包。在此之前，我使用的是Android OS 8.0。我仍然可以使用Fiddler
捕获数据包。Google是否在Android 9.0上具有更好的安全性

I just upgraded my Samsung Note 8 phone to Android OS 9.0 When I go to advanced wifi settings, I choose to use Proxy mode manually. Host: 192.168.1.8 Port: 8888 On the computer I turned on the Fiddler software to catch the packets. However, I could not catch any packets coming out from the phone. Before that I was using Android OS 8.0. I can still capture the packet using Fiddler Does Google have better security on Android 9.0

推荐答案

不确定您的确切身份建立。我可以推荐以下设置，该设置通常适用于所有Android版本（包括Android 9 / Pie）。注意：这是特定于应用程序的！

Not sure about your exact set up. I can recommend the following set up which generally works for me on all Android versions (including Android 9 / Pie). Note: this is app specific!

1. 下载并运行mitmproxy（ https://mitmproxy.org/ ）


2. 从Wifi设置中为设备设置代理（可能与您一样）


3. 在设备上打开浏览器，然后转到： http://mitm.it


4. 下载并安装证书


5. 将以下内容添加到应用的AndroidManifest.xml中：< application android：networkSecurityConfig = @ xml / network_security_config ...> ...< / application>


6. 将名为 network_security_config.xml ，然后输入以下内容：



1. Download and run mitmproxy (https://mitmproxy.org/)
2. Set up the proxy for the device from the Wifi settings (probably like you did)
3. Open browser on device and go to: http://mitm.it
4. Download and install certificate
5. Add the following to your app's AndroidManifest.xml: <application android:networkSecurityConfig="@xml/network_security_config" ... > ... </application>
6. Add to your XML resource folder a file named network_security_config.xml and put the following contents:

<!-- SECURITY RISK -  This app's network data can now be intercepted!!! -->
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust preinstalled CAs -->
            <certificates src="system" />
            <!-- Additionally trust user added CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

1. 重建并启动应用程序，现在您应该看到请求通过了mitmproxy（Web或控制台界面）

注意：对于已经编译的应用程序，相同的操作，您仍然可以遵循相同的逻辑和步骤（使用 apktool 进行反编译和重新组装），除非开发人员通过代码检查将证书固定（也可以通过 https://www.frida.re 之类的挂钩引擎来绕过。仍然可以规避，但不在此问题范围内：）

NOTE: if you want to achieve the same for an already compiled app, you can still follow same logic and steps (use apktool for decompile and re-assemble), unless the developer pinned the certificate via code checks (also can be bypassed by hooking engines like https://www.frida.re). Still possible to circumvent, but outside of this question scope :)

glhfdd

这篇关于不要在Android 9 Pie上使用代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！