Installing the Man-in-the-Middle Certificate¶
This chapter describes how to install a system-level root certificate on your Android system, with compatibility across all Android versions. You can use the interfaces in this chapter in conjunction with Set Proxy to perform man-in-the-middle packet capture. Of course, you may also choose to use our packaged startmitm.py; we are merely introducing the usage of this feature here.
Preparation¶
Ensure you have prepared a certificate provided by Fiddler or mitmproxy. For mitmproxy, the certificate you should use is mitmproxy-ca-cert.pem. For Fiddler, it may be in crt format; you can export this file in Fiddler and provide the file path directly as a parameter, with no need to worry about file names or format conversion. To avoid unnecessary time waste, mitmproxy is recommended here. If you are using Charles or similar tools, we cannot guarantee that you can complete the setup in one go, because such applications involve complex configuration items and you may need to understand various proxy types to correctly configure HTTPS man-in-the-middle. If you must use it, we suggest using Charles' SOCKS5 as the proxy protocol.
Installing the Root Certificate¶
Install the man-in-the-middle system root certificate. cert_path is the path to the certificate file. Once installed, it persists permanently and does not need to be reinstalled after a reboot.
d.install_ca_certificate(cert_path)
Hint
The certificate installation and uninstallation interface is universal. You can use it to install certificates required by any application, and you can use it to install certificates provided by Fiddler/Charles, simply by providing the file path.
Uninstalling the Root Certificate¶
Remove a custom root certificate that has been installed on the device. Frequent installation and uninstallation is not recommended.
d.uninstall_ca_certificate(cert_path)
The complete code for installing the mitmproxy man-in-the-middle system certificate is as follows:
import os
# Build the path to the mitmproxy-ca-cert.pem file
HOME = os.path.expanduser("~")
cert_path = os.path.join(HOME, ".mitmproxy", "mitmproxy-ca-cert.pem")
# Taking mitmproxy as an example, use the following code to install the MITM certificate
d.install_ca_certificate(cert_path)
# Use the following code to uninstall the certificate
d.uninstall_ca_certificate(cert_path)