- Download apktool from https://ibotpeaches.github.io/Apktool/
- Unpack apk file:
java -jar d apktool.jar app.apk
- Modify
AndroidManifest.xml
by addingandroid:networkSecurityConfig="@xml/network_security_config"
attribute to application element. - Create file
/res/xml/network_security_config.xml
with following content:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
- Build patched apk:
java -jar apktool.jar b app -o app_patched.apk
- Generate keys to sign apk:
keytool -genkey -alias keys -keystore keys
- Sign apk file:
jarsigner -verbose -keystore keys app_patched.apk keys
- If necessary convert apk to jar for further analysis:
d2j-dex2jar.sh app.apk
- Source: https://stackoverflow.com/questions/52862256/charles-proxy-for-mobile-apps-that-use-ssl-pinning
- Android:
JustTrustMe (based on Xposed)
Android-SSL-TrustKiller (Cydia Substrate)
- iOS:
SSL Kill Switch 2 (based on Cydia)