通过 ADB 安装用户证书
Install User Certificate Via ADB
有没有办法通过 ADB 在 Security -> Trusted Credential -> User tab 下安装 CA 证书(.crt 文件)?或任何其他 "scriptable" 方式。
我想出了一个方法来做到这一点,因此我能够信任查尔斯代理证书。它将被添加为受信任的 SSL 根证书。
首先您需要获取证书哈希
openssl x509 -inform PEM -subject_hash_old -in charles-proxy-ssl-proxying-certificate.pem | head -1>toto
我使用 windows,将其存储在 matter 中的 var 中以自动执行该过程 set /p totoVar=<toto
set totoVar=%totoVar%.0 && DEL toto
cat charles-proxy-ssl-proxying-certificate.pem > %totoVar%
openssl x509 -inform PEM -text -in charles-proxy-ssl-proxying-certificate.pem -out nul >> %totoVar%
adb shell mount -o rw,remount,rw /system
adb push %totoVar% /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
多亏了这个答案我才能够改编一个适用于bashshell:
的脚本
PEM_FILE_NAME=logger-charles-cert.pem
hash=$(openssl x509 -inform PEM -subject_hash_old -in $PEM_FILE_NAME | head -1)
OUT_FILE_NAME="$hash.0"
cp $PEM_FILE_NAME $OUT_FILE_NAME
openssl x509 -inform PEM -text -in $PEM_FILE_NAME -out /dev/null >> $OUT_FILE_NAME
echo "Saved to $OUT_FILE_NAME"
adb shell mount -o rw,remount,rw /system
adb push $OUT_FILE_NAME /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
(是的,我知道这应该是一条评论,但我还没有足够的声誉 post 它作为评论)
我能够通过以下步骤获得 server 证书显示在 Trusted Credential -> User 选项卡(而不是系统选项卡,其他答案显示)下:
#!/bin/bash
subjectHash=`openssl x509 -inform PEM -subject_hash_old -in server.crt | head -n 1`
openssl x509 -in server.crt -inform PEM -outform DER -out $subjectHash.0
adb root
adb push ./$subjectHash.0 /data/misc/user/0/cacerts-added/$subjectHash.0
adb shell "su 0 chmod 644 /data/misc/user/0/cacerts-added/$subjectHash.0"
adb reboot
就我而言,我首先需要将模拟器启动为可写:
adb start-server
emulator -writable-system -avd Pixel_2_API_24
然后就可以安装证书了:
adb root
adb remount
adb push c8750f0d.0 /system/etc/security/cacerts
https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android
2022:httptoolkit 有一个很好的解决方案,无需重新启动 即可将自定义证书 注入 root devices/emulators
set -e # Fail on error
# Create a separate temp directory, to hold the current certificates
# Without this, when we add the mount we can't read the current certs anymore.
mkdir -m 700 /data/local/tmp/htk-ca-copy
# Copy out the existing certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Copy the existing certs back into the tmpfs mount, so we keep trusting them
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Copy our new cert in, so we trust that too
mv ${certificatePath} /system/etc/security/cacerts/
# Update the perms & selinux context labels, so everything is as readable as before
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Delete the temp cert directory & this script itself
rm -r /data/local/tmp/htk-ca-copy
rm ${injectionScriptPath}
echo "System cert successfully injected"
将文件推送到设备
adb push "C:\path\cacert.cer" "/data/local"
启动 CertInstaller
adb shell am start -n com.android.certinstaller/.CertInstallerMain -a android.intent.action.VIEW -t application/x-x509-ca-cert -d file:///data/local/cacert.cer
现在根据您设备上出现的提示完成安装。
有没有办法通过 ADB 在 Security -> Trusted Credential -> User tab 下安装 CA 证书(.crt 文件)?或任何其他 "scriptable" 方式。
我想出了一个方法来做到这一点,因此我能够信任查尔斯代理证书。它将被添加为受信任的 SSL 根证书。
首先您需要获取证书哈希
openssl x509 -inform PEM -subject_hash_old -in charles-proxy-ssl-proxying-certificate.pem | head -1>toto
我使用 windows,将其存储在 matter 中的 var 中以自动执行该过程 set /p totoVar=<toto
set totoVar=%totoVar%.0 && DEL toto
cat charles-proxy-ssl-proxying-certificate.pem > %totoVar%
openssl x509 -inform PEM -text -in charles-proxy-ssl-proxying-certificate.pem -out nul >> %totoVar%
adb shell mount -o rw,remount,rw /system
adb push %totoVar% /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
多亏了这个答案
PEM_FILE_NAME=logger-charles-cert.pem
hash=$(openssl x509 -inform PEM -subject_hash_old -in $PEM_FILE_NAME | head -1)
OUT_FILE_NAME="$hash.0"
cp $PEM_FILE_NAME $OUT_FILE_NAME
openssl x509 -inform PEM -text -in $PEM_FILE_NAME -out /dev/null >> $OUT_FILE_NAME
echo "Saved to $OUT_FILE_NAME"
adb shell mount -o rw,remount,rw /system
adb push $OUT_FILE_NAME /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
(是的,我知道这应该是一条评论,但我还没有足够的声誉 post 它作为评论)
我能够通过以下步骤获得 server 证书显示在 Trusted Credential -> User 选项卡(而不是系统选项卡,其他答案显示)下:
#!/bin/bash
subjectHash=`openssl x509 -inform PEM -subject_hash_old -in server.crt | head -n 1`
openssl x509 -in server.crt -inform PEM -outform DER -out $subjectHash.0
adb root
adb push ./$subjectHash.0 /data/misc/user/0/cacerts-added/$subjectHash.0
adb shell "su 0 chmod 644 /data/misc/user/0/cacerts-added/$subjectHash.0"
adb reboot
就我而言,我首先需要将模拟器启动为可写:
adb start-server
emulator -writable-system -avd Pixel_2_API_24
然后就可以安装证书了:
adb root
adb remount
adb push c8750f0d.0 /system/etc/security/cacerts
https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android
2022:httptoolkit 有一个很好的解决方案,无需重新启动 即可将自定义证书 注入 root devices/emulators
set -e # Fail on error
# Create a separate temp directory, to hold the current certificates
# Without this, when we add the mount we can't read the current certs anymore.
mkdir -m 700 /data/local/tmp/htk-ca-copy
# Copy out the existing certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Copy the existing certs back into the tmpfs mount, so we keep trusting them
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Copy our new cert in, so we trust that too
mv ${certificatePath} /system/etc/security/cacerts/
# Update the perms & selinux context labels, so everything is as readable as before
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Delete the temp cert directory & this script itself
rm -r /data/local/tmp/htk-ca-copy
rm ${injectionScriptPath}
echo "System cert successfully injected"
将文件推送到设备
adb push "C:\path\cacert.cer" "/data/local"
启动 CertInstaller
adb shell am start -n com.android.certinstaller/.CertInstallerMain -a android.intent.action.VIEW -t application/x-x509-ca-cert -d file:///data/local/cacert.cer
现在根据您设备上出现的提示完成安装。