Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.

Features

  • Decode the APK file using Apktool
  • Replace the app's Network Security Configuration to allow user-added certificates
  • Modify the source code to disable various certificate pinning implementations
  • Encode the patched APK file using Apktool
  • Sign the patched APK file using uber-apk-signer
  • You can also use apk-mitm to patch apps using Android App Bundle and rooting your phone is not required

Project Samples

apk-mitm Screenshot 1

Project Activity

See All Activity >

Categories

MiTM (Man-in-The-Middle) Attack

License

MIT License

Follow apk-mitm

apk-mitm Web Site

You Might Also Like
Our Free Plans just got better! | Auth0 by Okta Icon
Our Free Plans just got better! | Auth0 by Okta

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Try free now
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of apk-mitm!

Additional Project Details

Programming Language

TypeScript

Related Categories

TypeScript MiTM (Man-in-The-Middle) Attack Tool

Registered

2023-08-14
Report inappropriate content