Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
Features
- Decode the APK file using Apktool
- Replace the app's Network Security Configuration to allow user-added certificates
- Modify the source code to disable various certificate pinning implementations
- Encode the patched APK file using Apktool
- Sign the patched APK file using uber-apk-signer
- You can also use apk-mitm to patch apps using Android App Bundle and rooting your phone is not required
Categories
MiTM (Man-in-The-Middle) AttackLicense
MIT LicenseFollow apk-mitm
Other Useful Business Software
MongoDB Atlas runs apps anywhere
MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of apk-mitm!