Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
Features
- Decode the APK file using Apktool
- Replace the app's Network Security Configuration to allow user-added certificates
- Modify the source code to disable various certificate pinning implementations
- Encode the patched APK file using Apktool
- Sign the patched APK file using uber-apk-signer
- You can also use apk-mitm to patch apps that use Android App Bundle, and rooting your phone is not required
Categories
MiTM (Man-in-The-Middle) Attack
License
MIT License