🚨 DANGER: Debug Only!
Never deploy code that bypasses SSL validation to production. It exposes your users to data theft. Use kDebugMode to ensure this code only runs during development.
Flutter's Dart VM has its own certificate store, so it often ignores system-level proxy settings or certificates unless explicitly configured. Here is how to force it to trust your proxy or dev server.
Note: This bypasses Flutter's Dart HTTP client verification. If you use WebViews or native views, you still need to configure Android Network Security Config or iOS ATS.
Method 1: Global Override (Standard HttpClient)
This is the "nuclear option". It overrides HttpClient creation globally for the entire app. Ideal if you use the standard http package or dart:io directly.

    import 'dart:io';
    import 'package:flutter/foundation.dart'; // for kDebugMode
    import 'package:flutter/material.dart'; // for runApp

    class MyHttpOverrides extends HttpOverrides {
      @override
      HttpClient createHttpClient(SecurityContext? context) {
        // Accept every certificate, whatever the host or port.
        return super.createHttpClient(context)
          ..badCertificateCallback =
              (X509Certificate cert, String host, int port) => true;
      }
    }

    void main() {
      // 🚨 SAFETY CHECK: Only run in debug mode
      if (kDebugMode) {
        HttpOverrides.global = MyHttpOverrides();
      }
      runApp(const MyApp());
    }

Method 2: Dio Library
The popular Dio package doesn't always work well with HttpOverrides because it uses its own adapter system. Here is how to configure Dio to ignore SSL errors.

    import 'dart:io';
    import 'package:dio/dio.dart';
    import 'package:dio/io.dart';
    import 'package:flutter/foundation.dart'; // for kDebugMode
    import 'package:flutter/material.dart'; // for runApp

    void configureDio(Dio dio) {
      // 🚨 SAFETY CHECK: Only allow in Debug mode
      if (!kDebugMode) return;
      // Replace the HttpClient that Dio's IO adapter creates for its requests.
      (dio.httpClientAdapter as IOHttpClientAdapter).createHttpClient = () {
        final client = HttpClient();
        // Trust all certificates
        client.badCertificateCallback =
            (X509Certificate cert, String host, int port) => true;
        return client;
      };
    }

    void main() {
      final dio = Dio();
      configureDio(dio); // <--- Call this before making requests
      runApp(MyApp(dio: dio));
    }

3. How to verify?
Make a request to a self-signed endpoint (e.g., your local API). If you get a 200 OK response instead of a HandshakeException, the bypass is active.
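
A narrower variant of both methods, added here as an example and not part of the original code: instead of accepting every certificate, it adds your proxy's CA to the trust store and only tolerates validation failures for named dev hosts. The names `createDevHttpClient`, `devCaPem` and `_devHosts`, and the host values, are assumptions to adapt to your setup.

```dart
import 'dart:io';
import 'package:flutter/foundation.dart'; // for kDebugMode and debugPrint

// Assumption: the only hosts that may present a self-signed certificate.
// 10.0.2.2 is the Android emulator's alias for the host machine's loopback.
const Set<String> _devHosts = {'localhost', '10.0.2.2'};

/// Returns an HttpClient for development use.
/// [devCaPem] holds the PEM bytes of your proxy's root CA certificate
/// (hypothetical parameter: load it from a debug-only asset or file).
HttpClient createDevHttpClient(List<int> devCaPem) {
  // Release builds get a stock client with normal validation.
  if (!kDebugMode) return HttpClient();

  // Keep the platform roots and add the proxy CA, so traffic re-signed
  // by the proxy validates normally and never reaches the callback.
  final context = SecurityContext(withTrustedRoots: true)
    ..setTrustedCertificatesBytes(devCaPem);
  final client = HttpClient(context: context);

  // Invoked only when validation against the context fails.
  // Allow the listed dev hosts, reject and log everything else.
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) {
    final allowed = _devHosts.contains(host);
    debugPrint('TLS validation failed for $host:$port '
        '(subject=${cert.subject}, issuer=${cert.issuer}) '
        'allowed=$allowed');
    return allowed;
  };
  return client;
}
```

To use it with Method 2, return `createDevHttpClient(devCaPem)` from the `createHttpClient` closure; with Method 1, return it from `MyHttpOverrides.createHttpClient`.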