How to record an Android application using HTTPS traffic with JMeter
The context:
You have to load test an Android application that issues HTTPS traffic to your servers.
To do that, you decide to use JMeter to record the traffic. Unfortunately, you get:
Received fatal alert: certificate_unknown
**ensure browser is set to accept the JMeter proxy certificate**
Hopefully, you’ll see in this blog how to handle this case.
The solution (Android < 7):
First, use the JMeter Recording Template. Then start JMeter’s HTTP(S) Test Script Recorder; it will generate, in the jmeter/bin folder, a file called ApacheJMeterTemporaryRootCA.crt.
Copy the file to your Android device and install it as a CA certificate.
See the "How do I install a user certificate?" thread for more details.
The certificate has a limited lifetime (defaults to 7 days), but you can extend it by setting the following in user.properties:
proxy.cert.validity=Number of days
The solution (Android >= 7):
A big problem arises when your application runs on Android >= 7.
Google made a big change to its security policy, allowing applications to use only system-installed certificates. So your certificate will not be used.
So what is the solution?
Well, you have 2 options:
The hacky one:
This solution is not a viable one IMO, as it requires you to root the device to be able to install the certificate.
The clean one:
The clean one requires you to modify the APK slightly.
So you’ll need to ask the developer of the application to modify the APK as described below.
Edit the manifest and add:
android:networkSecurityConfig="@xml/network_security_config"
You’ll get:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                 ... >
        ...
    </application>
</manifest>
Then add this in res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust preinstalled CAs -->
            <certificates src="system" />
            <!-- Additionally trust user added CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
Note that this is needed whatever tool you use (Neoload, LoadRunner, …).
About the author:
Philippe Mouawad works as an Architect and technical expert for Ubik-Ingenierie, where he leads, among other things, the development of UbikLoadPack, a set of commercial plugins for Apache JMeter for load testing different protocols such as MPEG-DASH, HTTP Live Streaming, HSS, HDS, GWT, and JavaSerialization.
Philippe is a committer on the Apache JMeter project and has been a member of the PMC since October 2011.
Finally, he is a co-author of a French book on JMeter called Maîtriser JMeter: Du test de charge à Devops.