apk-mitm v1.3 releases: A CLI application that prepares Android APK files for HTTPS inspection

by do son · Published October 19, 2019 · Updated May 1, 2024

apk-mitm

A CLI application that automatically prepares Android APK files for HTTPS inspection

Inspecting a mobile app’s HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.

apk-mitm automates the entire process. All you have to do is give it an APK file and apk-mitm will:

decode the APK file using Apktool
modify the app’s AndroidManifest.xml to make it debuggable
modify the app’s Network Security Configuration to allow user-added certificates
insert return-void opcodes to disable certificate pinning logic
encode the patched APK file using Apktool
sign the patched APK file using uber-apk-signer

Caveats

If you open the patched app on your phone and get a dialog saying The app is missing required components and must be reinstalled from the Google Play Store, then the app is using the Android App Bundle. This means that installing it through an APK is not going to work regardless of whether it has been patched by apk-mitm or not.
If the app uses Google Maps and the map is broken after patching, then the app’s API key is probably restricted to the developer’s certificate. You’ll have to create your own API key without restrictions and replace it in the app’s AndroidManifest.xml file.
If apk-mitm crashes, while decoding or encoding the issue, is probably related to Apktool. Check their issues on GitHub to find possible workarounds.

Changelog v1.3

Add “Limitations & alternatives” section to README 11821ae
Fix --certificate only working with .pem files 51578b4
Fix --apktool accidentally being required ce83872
Update uber-apk-signer to v1.3.0 472e52e
Clean up handling of relative input paths 973f246
Make shell commands in README easier to copy (#114) 09f3190
Update apktool to v2.9.3 c962144
Shorten “decoded-directory-by-apktool” in CLI output be5c995
Throw error when input directory does not contain an apktool.yml file 62bf931
Move logic to determine task type into separate function c911d1e
Make sure files extracted from zip files have the right Unix permissions 24854f9
Add cli option to replace google maps api key (#98) 8eb2c2d
Add support for patching an unpacked apk (#97) 816cd99

Install

$ npm install -g apk-mitm

Use

If you have an up-to-date version of Node.js (8.2+) and Java (8+), you can run this command to patch an app:

$ npx apk-mitm <path-to-apk>

So, if your APK file is called example.apk, you’d run:

$ npx apk-mitm example.apk

  ✔ Decoding APK file
  ✔ Modifying app manifest
  ✔ Modifying network security config
  ✔ Disabling certificate pinning
  ✔ Encoding patched APK file
  ✔ Signing patched APK file

   Done!  Patched APK: ./example-patched.apk

You can now install the example-patched.apk file on your Android device and use a proxy like Charles or mitmproxy to look at the app’s traffic.

Copyright (c) Niklas Higi

Source: https://github.com/shroudedcode/