How to record an Android application using HTTPS traffic with JMeter
You have to load test an Android application that issues HTTPS traffic to your servers.
To do that you decide to use JMeter to record the traffic, unfortunately, you get:
Received fatal alert: certificate_unknown
**ensure browser is set to accept the JMeter proxy certificate**
Hopefully, you’ll see in this blog how to handle this case.
The solution (Android < 7):
First use JMeter Recording Template Then start JMeter’s HTTP(S) Test Script Recorder, it will generate in jmeter/bin folder, a file called
Copy file to your android device and install it as CA Certificate.
See How do I install a user certificate? thread for more details.
The certificate has limited life time (defaults to 7 days) but you can extend it by setting in user.properties
proxy.cert.validity=Number of days
The solution (Android >= 7):
Now a big problem triggers when you have an application running on Android >= 7.
Indeed, Google made a big change in it security policy by allowing applications to only use System installed Certificates. So your certificate will not be used.
So what is the solution ?
Well, you have 2 options:
The hacky one:
This solution is not a viable one IMO, as it requires you to root device to be able to install certificate
The clean one:
The clean one requires you to modify the APK in a little way.
So you’ll need to ask developer of application to modify the APK as described below.
Edit manifest and add :
<?xml version="1.0" encoding="utf-8"?> <manifest ... > <application android:networkSecurityConfig="@xml/network_security_config" ... > ... </application> </manifest>
Then add in res/xml/network_security_config.xml this:
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <base-config> <trust-anchors> <!-- Trust preinstalled CAs --> <certificates src="system" /> <!-- Additionally trust user added CAs --> <certificates src="user" /> </trust-anchors> </base-config> </network-security-config>
Note that this is needed whatever tool you use (Neoload, LoadRunner, …)
Philippe Mouawad works as an Architect and technical expert for Ubik-Ingenierie where he leads among other things the development of UbikLoadPack a set of Commercial Plugins for Apache JMeter allowing to load test different protocols like MPEG-DASH, Http Live Streaming, HSS, HDS, GWT, JavaSerialization.
Philippe is a committer on the Apache JMeter project and member of the PMC since October 2011.
Finally he is a co-author of a french book on JMeter called Maîriser JMeter: Du test de charge à Devops.
Request a trial version HERE.
Ask for a turnkey or consulting service at email@example.com.
- Ubik Load Pack is a JMeter based solution for complex protocols.
- We provide professional services for Load Testing
- Follow us on Twitter and StackOverflow.