How to patch Android app to sniff its HTTPS traffic with self-signed certificate

patch_apk_for_sniffing.md

How to patch Android app to sniff its HTTPS traffic with self-signed certificate

• Download apktool from https://ibotpeaches.github.io/Apktool/
• Unpack apk file: java -jar /home/expert/work/tools/apktool.jar d net.flixster.android-9.1.3@APK4Fun.com.apk
• Modify AndroidManifest.xml by adding android:networkSecurityConfig="@xml/network_security_config" attribute to application element.
• Create file /res/xml/network_security_config.xml with following content:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

• Build patched apk: java -jar /home/expert/work/tools/apktool.jar b flixster -o flixster_patched.apk
• Generate keys to sign apk: keytool -genkey -alias keys -keystore keys # password
• Sign apk file: jarsigner -verbose -keystore keys /home/expert/Downloads/lancet/flixster_patched.apk keys
• If necessary convert apk to jar for further analysis: d2j-dex2jar.sh net.flixster.android-9.1.3@APK4Fun.com.apk
• To find what cyphers suites are supported by remote server calls: nmap --script ssl-enum-ciphers -p 443 youtubei.googleapis.com or sslscan youtubei.googleapis.com
• To check what cypher suites your client supports query https://www.howsmyssl.com/a/check