1 在res/xml 夹下新建 network_security_config.xml 文件
2 在 network_security_config.xml 文件中输入以下内容:
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <base-config cleartextTrafficPermitted="true" /> <debug-overrides> <trust-anchors> <certificates overridePins="true" src="system" /> <certificates overridePins="true" src="user" /> </trust-anchors> </debug-overrides> </network-security-config>重点: overridePins="true" 属性不能少。
3 在清单文件(AndroidManifest.xml)中引用network_security_config.xml 文件
<application ... android:networkSecurityConfig="@xml/network_security_config" android:theme="@style/AppTheme"> ... </application>经过以上步骤即可解决Android7.0以上系统无法抓包问题。
如果经过上述步骤,在部分手机上还是不能实现抓包,那么可以使OkHttp强制信任所有证书
新建工具类
public class OkHttpSslUtils { public static SSLSocketFactory createSSLSocketFactory() { SSLSocketFactory sSLSocketFactory = null; try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, new TrustManager[]{new TrustAllManager()}, new SecureRandom()); sSLSocketFactory = sc.getSocketFactory(); } catch (Exception e) { } return sSLSocketFactory; } public static class TrustAllManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}
使用
OkHttpClient.Builder httpClientBuilder = new OkHttpClient.Builder(); httpClientBuilder .sslSocketFactory(OkhttpSslUtils.createSSLSocketFactory(), new OkhttpSslUtils.TrustAllManager()) // OkHttp抓包问题,强制Okhttp信任所有证书 .connectTimeout(MAX_TIME_OUT, TimeUnit.SECONDS) .readTimeout(MAX_TIME_OUT, TimeUnit.SECONDS) .writeTimeout(MAX_TIME_OUT, TimeUnit.SECONDS);
