For analysis and reverse engineering, it can be helpful to insert a
custom CA certificate into Waydroid’s system-wide trust store.
Users used to be able to do that via Android’s settings but not anymore.
The `install mitm` command accepts a path to a file that contains a
– typically self-signed – CA certificate in PEM format.
It then renames [1] and copies the file into the overlay file system,
placing it into Waydroid’s trust store.
As a usage example, the following command lines enable your host to use
mitmproxy [2] to act as a proxy and to intercept [3] HTTP(S) connections
that come from the Waydroid container:
```sh
$ timeout --preserve-status 2 mitmdump -n # creates a CA cert in ~/.mitmproxy
$ sudo venv/bin/python3 main.py install mitm --ca-cert ~/.mitmproxy/mitmproxy-ca-cert.pem
INFO: Creating directory: /system/etc/security/cacerts
INFO: Copying /home/yourname/.mitmproxy/mitmproxy-ca-cert.pem to system trust store
INFO: Target file: /system/etc/security/cacerts/6320a7db.0
INFO: mitm installation finished
$ sudo waydroid shell -- ls -l /system/etc/security/cacerts # double-check that it worked
[…]
-rw-r--r-- 1 root root 1191 2024-01-01 00:00 6320a7db.0
[…]
$ adb shell settings put global http_proxy ${YOUR_IP_HERE?}:3128 # tell Waydroid to use the proxy
# for all connections
$ mitmproxy -p 3128 # start proxy and display a TUI
# with HTTP(S) connections
# coming from Waydroid
```
[1]: https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/#2-rename-certificate
[2]: https://mitmproxy.org/
[3]: https://docs.mitmproxy.org/stable/mitmproxytutorial-interceptrequests/
Change the MD5Sum Because trying it spams error because its invalid
Suggestion: Just add the main.zip to the Releases tag and let The script grab the 'stable' version there an just change it alongside with the python script library for update to not add issues
Alessandro Astone
mistrmochov
Casu Al Snek
Syuugo
Maciej Krüger
Lin Yinfeng
Claudia
Rikka
SUFandom