Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
Features
- Decode the APK file using Apktool
- Replace the app's Network Security Configuration to allow user-added certificates
- Modify the source code to disable various certificate pinning implementations
- Encode the patched APK file using Apktool
- Sign the patched APK file using uber-apk-signer
- You can also use apk-mitm to patch apps using Android App Bundle and rooting your phone is not required
Categories
MiTM (Man-in-The-Middle) AttackLicense
MIT LicenseFollow apk-mitm
You Might Also Like
Our Free Plans just got better! | Auth0 by Okta
You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of apk-mitm!