Tutorial Intercepting HTTPS Traffic from Apps on Android 7 and above (ROOT)

[AndnixSH]

Since Android 7 Nougat, Android no longer trusts user or admin supplied CA certificates. Use an older version of Android, 6 or below for your testing. If you must use Android 7 Nougat then you will need to install a trusted CA at the Android OS level on a rooted device or emulator.

If you have other way to do on root way, importantly Android 10 or 11, Let me know. Please don't tell me non-root way, like modifying apps, I don't like that, thanks

Magisk Trust User Certs
This module makes all installed user certificates part of the system certificate store, so that they will automatically be used when building the trust chain. This module makes it unnecessary to add the network_security_config property to an application's manifest.

Note: Some devices doesn't work with this

Installation

1. Install Magisk
2. Download zip Releases · NVISOsecurity/MagiskTrustUserCerts
3. Install in Magisk
4. Install certificates through normal flow Burp or Fiddler
5. Restart the device
6. The installed user certificates can now be found in the system store.

Removing certificates
Remove the certificate from the user store through the settings, and restart the device.

 

[fsociety]

Nice Tutorial Bro May be this will help me to debug , i use lower version of android lolipop and use xposed installed + ssl bypass pinning , 70% apps able to debug it . but i face some issues like some apps wont lets to bypass it keep saying "No network Connection" even on ssl bypass so in that case what we need to do , or this method will work ?

 

[AndnixSH]

Nice Tutorial Bro May be this will help me to debug , i use lower version of android lolipop and use xposed installed + ssl bypass pinning , 70% apps able to debug it . but i face some issues like some apps wont lets to bypass it keep saying "No network Connection" even on ssl bypass so in that case what we need to do , or this method will work ?

Contact the developer who made the bypass
I don't think this magisk module helps you

 

[fsociety]

Contact the developer who made the bypass
I don't think this magisk module helps you

hmmm , i will install geny motion and will use android 7 version and will testout in upcoming weeks.

i hear some different and long methods like need to decompile the apk and add network trust certificate to bypass it.

 

[kaabmassawi]

yes you can easly use httpcanary its work on android 10/11 to
Thanks

 

[AndnixSH]

hmmm , i will install geny motion and will use android 7 version and will testout in upcoming weeks.

i hear some different and long methods like need to decompile the apk and add network trust certificate to bypass it.

I already said in the thread i don't like this decompilng method. I'm talking about root only

yes you can easly use httpcanary its work on android 10/11 to
Thanks

isn't it a paid app?

 

[kaabmassawi]

I already said in the thread i don't like this decompilng method. I'm talking about root only


isn't it a paid app?

its is free but Some features are paid

 

[AndnixSH]

its is free but Some features are paid

Ok, i will take a look

 

[fsociety]

Ok, i will take a look

ya i saw cracked version of http canrany but still you can mek new crack if possobe.

 

[AndnixSH]

ya i saw cracked version of http canrany but still you can mek new crack if possobe.

It's protected by jiagu so idk how to crack it, but i just have found cracked version from other sites. Might gonna share here

Edit: mod does not work

 

[DDeveloper]

Ok, i will take a look

Http Canary is one of the most powerful packet sniffer tools out there but sadly it got removed from Playstore. It came handy for me but not now as i switched to a new device (rooted Android 10)

 

[fsociety]

Http Canary is one of the most powerful packet sniffer tools out there but sadly it got removed from Playstore. It came handy for me but not now as i switched to a new device (rooted Android 10)

yeah i saw it got removed from play store.

 

[UserTOP]

Does this module work on Android 13?