Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Intercept SSL traffic for Android Nougat 7 and above version.

Pavan Bisaralli Aug 20, 2019 07:07AM UTC

Hi, do I need to decompile, add the security config xml file in application folder and recomiple every time while doing security testing in Android Nougat 7 and above versions ? As I am facing difficulty in testing android apps, needed more clarification on this.

Thank you


Liam Tai-Hogan Aug 20, 2019 12:36PM UTC Support Center agent

Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. Is it possible that the app isn’t respecting some of the settings you have configured?

Have you checked out this blog?

https://blog.nviso.be/2018/01/31/using-a-custom-root-ca-with-burp-for-inspecting-android-n-traffic/


Pavan Bisaralli Aug 21, 2019 01:59PM UTC
@Liam Tai-Hogan

Thank you so much it worked. Added below code in respective xml files.

Added below code under Network security config xml file

<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>

Added below code under Android Manifest.xml

<application android:allowBackup="true" android:networkSecurityConfig="@xml/network_security_config" ...etc...>

Liam Tai-Hogan Aug 21, 2019 03:13PM UTC Support Center agent

Thanks for letting us know Pavan.


Post Your public answer

Your name
Your email address
Answer