APK-MITM : Android APK Files for HTTPS Inspection

APK-MITM is a CLI application that automatically prepares Android APK files for HTTPS inspection.

Inspecting a mobile app’s HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.

apk-mitm automates the entire process. All you have to do is give it an APK file and it will:

You can also use apk-mitm to patch apps using Android App Bundle and rooting your phone is not required.

Also Read – LinuxCheck : Linux Information Collection Script 2019

Usage

If you have an up-to-date version of Node.js (8.2+) and Java (8+), you can run this command to patch an app:

$ npx apk-mitm <path-to-apk>

So, if your APK file is called example.apk, you’d run:

$ npx apk-mitm example.apk

✔ Decoding APK file
✔ Modifying app manifest
✔ Modifying network security config
✔ Disabling certificate pinning
✔ Encoding patched APK file
✔ Signing patched APK file

Done! Patched APK: ./example-patched.apk

You can now install the example-patched.apk file on your Android device and use a proxy like Charles or mitmproxy to look at the app’s traffic.

Patching App Bundles

You can also patch apps using Android App Bundle with apk-mitm by providing it with a *.xapk file (for example from APKPure) or a *.apks file (which you can export yourself using SAI).

Making Manual Changes

Sometimes you’ll need to make manual changes to an app in order to get it to work. In these cases the --wait option is what you need. Enabling it will make apk-mitm wait before re-econding the app, allowing you to make changes to the files in the temporary directory.

Caveats

  • If the app uses Google Maps and the map is broken after patching, then the app’s API key is probably restricted to the developer’s certificate. You’ll have to create your own API key without restrictions and run apk-mitm with the --wait option to be able to replace the com.google.android.geo.API_KEY value in the app’s AndroidManifest.xml file.
  • If apk-mitm crashes while decoding or encoding the issue is probably related to Apktool. Check their issues on GitHub to find possible workarounds. If you happen to find an Apktool version that’s not affected by the issue, you can instruct apk-mitm to use it by specifying the path of its JAR file through the --apktool option.

Installation

The above example used npx to download and execute apk-mitm without local installation. If you do want to fully install it, you can do that by running:

$ npm install -g apk-mitm

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

7 days ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago