I want to setup this app called Http Toolkit and for some reason I have the warning "System Trust Disabled". My android device is not rooted.
CodePudding user response:
This is due to limitations in recent versions of Android. On unrooted devices, it is impossible to install system certificates.
You can still intercept HTTPS traffic using just user certificates, but you will only be able to intercept apps that opt into this by explicitly trusting user certificates. Most apps don't do this, so this is useful for debugging your own apps, but not for reverse engineering other people's.
You have a few options:
- You can root your device.
- You can use an emulator - any emulator except the official 'Google Play' edition emulators will give you root access.
- You can use user certificates only, and modify the app to trust your user certificates either by editing the network security config if it's your own app (instructions here: https://httptoolkit.tech/docs/guides/android/#intercepting-traffic-from-your-own-android-app) or using tools like apk-mitm if not to modify the APK (this can work easily, but not always, so in many cases you'll need to do some manual app modification).
There's a lot more info in the HTTP Toolkit docs here: https://httptoolkit.tech/docs/guides/android/