The SSL certificate of mobile phone APP is written to APP, how to export it? Ask for help

problem description

now many APP messages are sent via HTTPS, some are issued by the server, and some are written in APP. Package grabbing tools such as fiddler in the
server method are all captured by
but written in APP, and tools like fiddler have no way.

the background of the problem and what methods you have tried

I have tried to catch both fiddler and charles, but none of them can be caught by https.
Wireshark these are all encrypted.

what result do you expect? What is the error message actually seen?

Please ask the gods. Is there any way to export the SSL certificate in APP? In this way, I can guide into the bag grabbing tool, and then I can decrypt it.

Charles fiddler

Mar.25,2021

the same problem, but also the solution

decompress the apk file, you can see the client certificate file, and the private key should be encrypted.
you can view the code in the decompiled app,. For example, if the client certificate file name is client.p12, then you can look for the string in the decompiled code and the encryption key in the code before and after the decompilation. Tool jadx.
when I applied it, I found that the encryption key was written in the .so file, and all the strings of the .so file could be exported and verified one by one. You can also watch it with ida.

Previous: What is stored in redis is the scheduled task of celery, so does redis need to be persisted?

Next: How can you tpye the data in a list in different styles in vue?