apk-mitm v0.8.1 releases: A CLI application that prepares Android APK files for HTTPS inspection
A CLI application that automatically prepares Android APK files for HTTPS inspection
Inspecting a mobile app’s HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.
apk-mitm automates the entire process. All you have to do is give it an APK file and apk-mitm will:
- decode the APK file using Apktool
- modify the app’s AndroidManifest.xml to make it
- modify the app’s Network Security Configuration to allow user-added certificates
return-voidopcodes to disable certificate pinning logic
- encode the patched APK file using Apktool
- sign the patched APK file using uber-apk-signer
- If you open the patched app on your phone and get a dialog saying The app is missing required components and must be reinstalled from the Google Play Store, then the app is using the Android App Bundle. This means that installing it through an APK is not going to work regardless of whether it has been patched by apk-mitm or not.
- If the app uses Google Maps and the map is broken after patching, then the app’s API key is probably restricted to the developer’s certificate. You’ll have to create your own API key without restrictions and replace it in the app’s AndroidManifest.xml file.
- If apk-mitm crashes, while decoding or encoding the issue, is probably related to Apktool. Check their issues on GitHub to find possible workarounds.
- Update OWASP links in README e2afeef
- Speed up patching by not scanning all classes for certificate pinning c91d43e
- Disable certificate pinning more reliably 0856cda
$ npm install -g apk-mitm
$ npx apk-mitm <path-to-apk>
So, if your APK file is called example.apk, you’d run:
$ npx apk-mitm example.apk ✔ Decoding APK file ✔ Modifying app manifest ✔ Modifying network security config ✔ Disabling certificate pinning ✔ Encoding patched APK file ✔ Signing patched APK file Done! Patched APK: ./example-patched.apk
Copyright (c) Niklas Higi