Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
Features
- Decode the APK file using Apktool
- Replace the app's Network Security Configuration to allow user-added certificates
- Modify the source code to disable various certificate pinning implementations
- Encode the patched APK file using Apktool
- Sign the patched APK file using uber-apk-signer
- You can also use apk-mitm to patch apps using Android App Bundle and rooting your phone is not required
Categories
MiTM (Man-in-The-Middle) AttackLicense
MIT LicenseFollow apk-mitm
Other Useful Business Software
Build Agents and Models on One Platform
Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of apk-mitm!