
Android Studio, javax.net.ssl.SSLHandshakeException: Unacceptable certificate

Updated: 2022-01-17 02:28:28

Installing your root CA certificate as "User defined certificate" into the emulator is the wrong way for modern Android devices (Android 6+).

User installed CA certificates are by default not trusted by apps. On a rooted device you can install new CA certificates as system certificates as shown here:

If your device is rooted and has Magisk installed you can also use the Magisk Move Certificates module that moves user installed certificates into the system store.

Since Google introduced the Android Network Security Configuration every app has to explicitly add the user defined certificates to the trust list:

res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
</network-security-config>

Every app that does not define an Android Network Security Configuration, or that has such a configuration but does not include the <certificates src="user"/> entry, will ignore your additionally installed certificate.

And make sure the AndroidManifest.xml contains the android:networkSecurityConfig attribute in the <application> tag:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                    ... >
        ...
    </application>
</manifest>

Additionally some apps (e.g. Google services and Play Store) perform certificate/key pinning which totally prevents breaking the HTTPS traffic unless the system is heavily modified:

You have to root the device and install EdXposed/Xposed + multiple modules to allow SSL/TLS interception (like TrustMeAlready and SSL Unpinning).

Alternatively you can use Frida and certain scripts for disabling SSL/TLS certificate checking and some pinning implementations. As far as I know the Frida based Objection project contains some SSL unpinning script(s).
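
An added example, not part of the original answer: a small Python check that parses a network_security_config.xml like the one shown above and lists which scopes accept user-installed CAs, so a release build that still carries the <certificates src="user"/> entry can be flagged. The sample config, the domain api.example.com and the function names are constructed for illustration; debug-overrides is the Network Security Configuration element that applies only to debuggable builds.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the original page): user CAs are trusted
# app-wide in base-config and again in debug-overrides; one domain is system-only.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors><certificates src="system"/></trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors><certificates src="user"/></trust-anchors>
    </debug-overrides>
</network-security-config>
"""

def trust_anchor_sources(config_xml):
    """Map each config scope to the <certificates src=...> values it declares."""
    root = ET.fromstring(config_xml.encode("utf-8"))
    result = {}
    for scope in root.iter():  # iter() also reaches nested domain-config elements
        if scope.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        anchors = scope.find("trust-anchors")  # direct child of this scope only
        if anchors is None:
            continue
        label = scope.tag
        domains = [d.text.strip() for d in scope.findall("domain") if d.text]
        if domains:
            label += "[" + ",".join(domains) + "]"
        result[label] = [c.get("src") for c in anchors.findall("certificates")]
    return result

def release_scopes_trusting_user_cas(config_xml):
    """Scopes active in release builds that accept user-installed CAs."""
    return [scope for scope, srcs in trust_anchor_sources(config_xml).items()
            if "user" in srcs and not scope.startswith("debug-overrides")]

if __name__ == "__main__":
    print(trust_anchor_sources(SAMPLE_CONFIG))
    print(release_scopes_trusting_user_cas(SAMPLE_CONFIG))
```

Moving the user entry out of base-config and keeping it only under debug-overrides leaves interception possible in debug builds while the release build trusts system CAs only.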