APK-MITM is a CLI application that automatically prepares Android APK files for HTTPS inspection.
Inspecting a mobile app’s HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
apk-mitm
automates the entire process. All you have to do is give it an APK file and it will:
AndroidManifest.xml
to make it debuggable
return-void
opcodes to disable certificate pinning logicYou can also use apk-mitm
to patch apps using Android App Bundle and rooting your phone is not required.
Also Read – LinuxCheck : Linux Information Collection Script 2019
Usage
If you have an up-to-date version of Node.js (8.2+) and Java (8+), you can run this command to patch an app:
$ npx apk-mitm <path-to-apk>
So, if your APK file is called example.apk
, you’d run:
$ npx apk-mitm example.apk
✔ Decoding APK file
✔ Modifying app manifest
✔ Modifying network security config
✔ Disabling certificate pinning
✔ Encoding patched APK file
✔ Signing patched APK file
Done! Patched APK: ./example-patched.apk
You can now install the example-patched.apk
file on your Android device and use a proxy like Charles or mitmproxy to look at the app’s traffic.
Patching App Bundles
You can also patch apps using Android App Bundle with apk-mitm
by providing it with a *.xapk
file (for example from APKPure) or a *.apks
file (which you can export yourself using SAI).
Making Manual Changes
Sometimes you’ll need to make manual changes to an app in order to get it to work. In these cases the --wait
option is what you need. Enabling it will make apk-mitm
wait before re-econding the app, allowing you to make changes to the files in the temporary directory.
Caveats
apk-mitm
with the --wait
option to be able to replace the com.google.android.geo.API_KEY
value in the app’s AndroidManifest.xml
file. apk-mitm
crashes while decoding or encoding the issue is probably related to Apktool. Check their issues on GitHub to find possible workarounds. If you happen to find an Apktool version that’s not affected by the issue, you can instruct apk-mitm
to use it by specifying the path of its JAR file through the --apktool
option. Installation
The above example used npx
to download and execute apk-mitm
without local installation. If you do want to fully install it, you can do that by running:
$ npm install -g apk-mitm
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…