Hello.
I have one rooted Bluestacks instance and I need to proxy data from it with Fiddler.
The issue in SSL traffic.
My test env is:
- Main host - Windows 10.
- Bluestacks is installed on main host.
- ProxyCap is installed on main host, configured to grab all traffic from Bluestacks to proxy traffic to Fiddler.
- Fiddler is installed on main host.
FiddlerRootCertificate.crt was successfully installed on main host. Also it was installed with HD-SslCertificateTool.exe to Bluestacks:
Installing certificate at FiddlerRootCertificate.crt into BlueStacks.
Certificate subject hash is e5c3944b.
Using certificate name e5c3944b.0
SSL certificate was successfully added.
I see e5c3944b.0 file in /system/etc/security/cacerts/ in emulator (Bluestacks).
But when I enable option in Fiddler "Decrypt HTTPS traffic", everything, that use HTTPS (Play Market, Apps, Google Chrome) stopped to work.
Meanwhile, when I open Google Chrome at main host, SSL sites opened fine and I see in site cert info DO_NOT_TRUST... So, env configured correctly.
I can't understand, why it doesn't work on Bluestacks?
I expected, that Google Chrome on Bluestacks will open sites with "DO_NOT_TRUST..." cert, or will show info about incorrect cert, when I am trying to open https://rbc.ru/
But it can't connect:
This site can’t be reached play.google.com unexpectedly closed the connection.
Try:
Checking the connection
ERR_CONNECTION_CLOSED
and in Fiddler I see 3 records with same result:
fiddler.network.https> HTTPS handshake to 80.68.253.3 (for #14208) failed. System.Security.Authentication.AuthenticationException The remote certificate is invalid according to the validation procedure.
Any ideas, how to make it work on Bluestacks?
2 Answers, 1 is accepted
Hi ArtUrlWWW,
I am not entirely familiar with Bluestacks. Although, if it is built on Android 7+ then what is happening is intentional. This is because the Android team added a security feature where apps targeting API Level 24+ will ignore user-installed root certificates.
Essentially, this is a security enhancement at the Platform Level and Fiddler doesn't have any way around it.
For more details, see the Using Fiddler with iOS 10 and Android 7 article.
In the meantime, please let me know if you need any additional information. Thank you for using the Fiddler Forums.
Regards,
Eric R | Senior Technical Support Engineer
Progress Telerik
Our thoughts here at Progress are with those affected by the outbreak.
Rank 1
Its not android 7++
as OP now, copying cert from /data/misc/.... to /system/... folder is solved problem, tested in all cert pinning apps include banking apps.
but bluestack, dont have full system, its like very super lite android. Dont says installing VPN cert,,, you even cannot set screen lock in bluestack
I also made some tests and I see, that OpenSSL gives an error with FiddlerRootCertificate.crt:
openssl x509 -inform PEM -text -in FiddlerRootCertificate.crt -out /dev/null >> 5ed36f99.0
Error is:
unable to load certificate
3069218832:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
May be problem is in FiddlerRootCertificate.crt and Android doesn't count it as trusted cert?