Android證書分為“用戶證書”和“系統(tǒng)證書”兩種，在設(shè)置->安全->"查看安全證書"列表中，可以看到“系統(tǒng)”和“用戶”兩個Tab。用戶通過瀏覽器下載安裝或者通過WLAN高級設(shè)置安裝的證書均為用戶證書。

安裝為系統(tǒng)證書有什么好處呢?

（1）安裝用戶證書必須要設(shè)置開機(jī)密碼，而且設(shè)置后就不能取消，除非先刪掉所有的用戶證書。如果安裝為系統(tǒng)證書就不需要設(shè)置開機(jī)密碼，自動化操作時更方便。

（2）Android 7以上版本APP默認(rèn)不信任用戶證書，只信任系統(tǒng)證書，安裝為用戶證書，對APP的HTTPS抓包會失敗。安裝為全局證書才能被所有APP信任，方可進(jìn)行HTTPS抓包。

怎么將Fiddler或Mitmproxy的證書安裝為安卓系統(tǒng)證書呢？

Android的系統(tǒng)證書的存儲位置是/system/etc/security/cacerts，證書文件必須是PEM格式，而且文件命名必須符合系統(tǒng)證書規(guī)范。

下面是具體的步驟（注意：設(shè)備必須先ROOT）：

view plaincopy to clipboardprint?

#?第一步，先下載好Fiddler或Mitmproxy的證書文件，PEM或者DER格式均可。??

#?第二步，獲取有效的系統(tǒng)證書文件名。??

#?如果是PEM格式的：??

openssl?x509?-inform?PEM?-subject_hash_old?-in?mitmproxy-ca-cert.pem?-noout??

#?如果是DER格式的：??

openssl?x509?-inform?der?-subject_hash_old?-in?FiddlerRoot.cer??-noout??

#?例如，輸出8bbe0e8d??

#?第三步，轉(zhuǎn)換證書格式為PEM格式，并重命名證書為有效的系統(tǒng)證書名。??

#?如果是PEM格式的:??

openssl?x509?-inform?PEM?-in?mitmproxy-ca-cert.pem?-out?8bbe0e8d.0??

#?如果是DER格式的：??

openssl?x509?-inform?der?-in?FiddlerRoot.cer?-out?8bbe0e8d.0??

#?第四步，上傳準(zhǔn)備好的證書文件到設(shè)備，例如??

adb?push8bbe0e8d.0?/sdcard/??

#?第五步??

#?以下進(jìn)入adb?shell后操作??

adb?shell??

#?獲取root權(quán)限??

su??

#?重新掛載系統(tǒng)，以可以寫入文件到系統(tǒng)目錄??

mount?-o?rw,remount?/system??

#?復(fù)制證書到Android系統(tǒng)證書目錄??

cp?/sdcard/8bbe0e8d.0?/system/etc/security/cacerts??

#?修改證書權(quán)限??

chmod644?/system/etc/security/cacerts/8bbe0e8d.0??

#?上述可整合為一句??

adb?shell"su?-c?'mount?-o?rw,remount?/system;cp?/sdcard/8bbe0e8d.0?/system/etc/security/cacerts;chmod?644?/system/etc/security/cacerts/8bbe0e8d.0;'"??

#?重啟設(shè)備??

adb?reboot??

操作完成之后，我們就能在系統(tǒng)證書列表中看到，如下圖所示：

上述步驟很繁瑣。下面給出一個我們APP數(shù)據(jù)采集項目中用到的自動化腳本，能夠自動完成系統(tǒng)證書的安裝全過程。支持PEM和DER兩種格式。

view plaincopy to clipboardprint?

#?coding:?utf-8??

#?install_as_android_system_ca.py??

#?添加證書為證書為安卓系統(tǒng)證書??

#?要求:??

#?(1)本地OpenSSL版本?>?1.0;??

#?(2)目標(biāo)設(shè)備已ROOT;??

#?已測試驗證：??

#?Android?5.1測試驗證通過;??

#?Android?7.0測試驗證通過;??

#?注意：Android?6.0尚未驗證通過，原因尚不知;??

import?sys??

import?os??

import?subprocess??

def?install(local_ca_path,?device=None):??

"""安裝證書為安卓系統(tǒng)證書

????local_ca_path?-?證書的本地路徑，支持CER格式和PEM格式;

????device?-?目標(biāo)設(shè)備序列號,若不指定則為默認(rèn)設(shè)備;

????"""??

#?判斷本地證書是否為PEM格式??

????with?open(local_ca_path)?as?f:??

if?'--BEGIN?CERTIFICATE--'?in?f.read():??

#?PEM格式的??

is_pem?=True??

else:??

#?非PEM格式的??

is_pem?=False??

print?'CA?file?"{}"?is?{}?format.'.format(local_ca_path,?'PEM'?if?is_pem?else?'CER')??

#?獲取有效的系統(tǒng)證書文件名??

print?'Generate?valid?android?system?CA?file?name?for?"{}"...'.format(local_ca_path)??

if?is_pem:??

cmd?='openssl?x509?-inform?PEM?-subject_hash_old?-in?{}?-noout'.format(local_ca_path)??

else:??

cmd?='openssl?x509?-inform?der?-subject_hash_old?-in?{}??-noout'.format(local_ca_path)??

print?cmd??

android_system_ca_name?=?subprocess.check_output(cmd,?shell=True).strip()?+?'.0'??

print?'Android?system?CA?file?name?for?"{}"?is:?{}'.format(local_ca_path,?android_system_ca_name)??

#?準(zhǔn)備傳輸?shù)桨沧肯到y(tǒng)的證書，本地路徑??

android_system_ca_filepath?=?os.path.join(os.path.dirname(sys.argv[0]),?android_system_ca_name)??

#?如果是CER格式，轉(zhuǎn)為PEM格式??

if?local_ca_path.lower().endswith('.cer'):??

print?'Convert?CER?"{}"?into?PEM?"{}"...'.format(local_ca_path,?android_system_ca_filepath)??

if?is_pem:??

cmd?='openssl?x509?-inform?PEM?-in?{}?-out?{}'.format(local_ca_path,?android_system_ca_filepath)??

else:??

cmd?='openssl?x509?-inform?der?-in?{}?-out?{}'.format(local_ca_path,?android_system_ca_filepath)??

print?cmd??

print?subprocess.check_output(cmd,?shell=True)??

#?上傳到SD卡根路徑??

adb_cmd_prefix?='adb?'?if?not?device?else?'adb?-s?"{}"?'.format(device)??

print?'Push?"{}"?onto?device?/sdcard/...'.format(android_system_ca_filepath)??

cmd?=?adb_cmd_prefix?+'push?"{}"?/sdcard/'.format(android_system_ca_filepath)??

print?cmd??

print?subprocess.check_output(cmd,?shell=True)??

#?將證書復(fù)制到系統(tǒng)證書目錄下??

print?'Move?/sdcard/{}?to?/system/etc/security/cacerts,?and?set?permission.'.format(android_system_ca_name)??

cmd?=?adb_cmd_prefix?+'''''shell?"su?-c?'mount?-o?rw,remount?/system;cp?/sdcard/{}?/system/etc/security/cacerts;chown?root:root?/system/etc/security/cacerts/{};chmod?644?/system/etc/security/cacerts/{};'"'''.format(android_system_ca_name,?android_system_ca_name,?android_system_ca_name)??

print?cmd??

print?subprocess.check_output(cmd,?shell=True)??

#?把剛復(fù)制到安卓系統(tǒng)證書目錄下的證書內(nèi)容打印出來，看看是否復(fù)制成功了??

cmd?=?adb_cmd_prefix?+'shell?cat?/system/etc/security/cacerts/{}'.format(android_system_ca_name)??

if?'--BEGIN?CERTIFICATE--'?in?subprocess.check_output(cmd,?shell=True):??

#?完成，提示重啟設(shè)備??

print?'Successed.?Need?to?reboot?the?device?now!'??

else:??

#?失敗了，應(yīng)該是權(quán)限不足，目標(biāo)設(shè)備沒ROOT??

print?'Failed.?Please?root?the?device?first!'??

if?__name__?==?'__main__':??

try:??

local_ca_path?=?sys.argv[1]??

except?IndexError:??

print?'Usage:?python?install_as_android_system_ca.py?"Local?ca?path(support?.cer?and?.pem)"?[Device]'??

try:??

device?=?sys.argv[2]??

except?IndexError:??

device?=None??

????install(local_ca_path=local_ca_path,?device=device)??