Edit on GitHub

#  Install System CA Certificate on Android Emulator

Since Android 7, apps ignore user certificates, unless they are configured to use them. As most applications do not explicitly opt in to use user certificates, we need to place our mitmproxy CA certificate in the system certificate store, in order to avid having to patch each application, which we want to monitor.

Please note, that apps can decide to ignore the system certificate store and maintain their own CA certificates. In this case you have to patch the application.

#  1. Prerequisites

#  2. Rename certificate

Enter your certificate folder

cd ~/.mitmproxy/

openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1
Lets assume, the output is c8450d0d

We can now copy mitmproxy-ca-cert.cer to c8450d0d.0 and our system certificate is ready to use

cp mitmproxy-ca-cert.cer c8450d0d.0

#  3. Insert certificate into system certificate store

Note, that Android 9 (API LEVEL 28) was used to test the following steps and that the emulator executable is located in the Android SDK

emulator -avd <avd_name_here> -writable-system
adb root
adb shell "mount -o rw,remount /"
adb push c8450d0d.0 /system/etc/security/cacerts
adb shell "chmod 664 /system/etc/security/cacerts/c8450d0d.0"

#  4. Reboot device and enjoy decrypted TLS traffic

adb reboot

Remember: You always have to start the emulator using the -writable-system option in order to use your certificate