How to patch Android app to sniff its HTTPS traffic with self-signed certificate

  • Download apktool from https://ibotpeaches.github.io/Apktool/
  • Unpack the apk file: java -jar /home/expert/work/tools/apktool.jar d net.flixster.android-9.1.3@APK4Fun.com.apk
  • Modify AndroidManifest.xml in the decoded directory by adding the android:networkSecurityConfig="@xml/network_security_config" attribute to the application element. If the element already has that attribute, keep its value and edit the config file it points to instead; an app's own config often contains a pin-set, and pinned hosts reject the proxy certificate even when its CA is trusted, so drop the pin-set too. Pinning done in code (a custom TrustManager or an OkHttp CertificatePinner) is not affected by this patch.
  • Create the file res/xml/network_security_config.xml in the decoded directory with the following content. It adds the user CA store, where your proxy's self-signed certificate is installed, to the trust anchors; apps targeting API 24 (Android 7.0) or later ignore user-installed CAs unless a config like this says otherwise:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- keep the system store so the app still works when no proxy is in the path -->
            <certificates src="system" />
            <!-- trust user-installed CAs, i.e. the proxy's self-signed certificate -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
  • Build patched apk: java -jar /home/expert/work/tools/apktool.jar b flixster -o flixster_patched.apk
  • If you see the following error, try running java -jar /home/expert/work/tools/apktool.jar empty-framework-dir --force, or run the b command with the parameter --use-aapt2:
W: invalid resource directory name: /home/expert/Downloads/Zzzzzz/Zzzzzz_v0.0.0/res navigation
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_5815054990385134498.tmp, p, --forced-package-id, 127, --min-sdk-version, 23, --target-sdk-version, 29, --version-code, 226000400, --version-name, 226.000.0, --no-version-vectors, -F, /tmp/APKTOOL14466004687895005947.tmp, -e, /tmp/APKTOOL4388243966604401097.tmp, -0, arsc, -I, /home/expert/.local/share/apktool/framework/1.apk, -S, /home/expert/Downloads/Zzzzzz/Zzzzzz_v0.0.0/res, -M, /home/expert/Downloads/Zzzzzz/Zzzzzz_v0.0.0/AndroidManifest.xml]
  • Generate a key to sign the apk: keytool -genkey -alias keys -keystore keys -keyalg RSA -keysize 2048 -validity 10000 # you will be prompted for a keystore password
  • Sign the apk file: jarsigner -verbose -keystore keys /home/expert/Downloads/lancet/flixster_patched.apk keys
    jarsigner only adds a v1 (JAR) signature. An apk whose targetSdkVersion is 30 or higher must carry an APK Signature Scheme v2 or newer signature, otherwise the package installer rejects it, so for such builds run zipalign on the rebuilt apk first and then sign it with apksigner from the Android SDK build-tools (it adds v2 as well as v1; zipalign must run before apksigner because the v2 signature covers the whole file).
  • If necessary, convert the apk to a jar for further analysis: d2j-dex2jar.sh net.flixster.android-9.1.3@APK4Fun.com.apk
  • To find which cipher suites the remote server supports, run: nmap --script ssl-enum-ciphers -p 443 youtubei.googleapis.com or sslscan youtubei.googleapis.com
  • To check which cipher suites your client supports, query https://www.howsmyssl.com/a/check
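The whole patching procedure as one script, added here as an example; it is not the gist's own code and not rlxone's android-https-patcher. It performs the manifest and network-security-config steps on an apktool-decoded directory, also handles an app that already ships a config with a pin-set (which the steps above do not show), and finishes with the zipalign + apksigner sequence from the comments instead of jarsigner. The locations of apktool.jar, zipalign and apksigner, the keystore arguments, and the fake pinned app used by the demo function are assumptions.

```python
"""Added example, not code from the gist or from rlxone's android-https-patcher:
patch an apktool-decoded directory so the app trusts user-installed CAs, then
rebuild, zipalign and sign it with apksigner. Tool locations are assumptions."""
import os
import subprocess
import tempfile
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)
NSC_ATTR = "{%s}networkSecurityConfig" % ANDROID_NS


def patch_manifest(decoded_dir):
    """Make <application> reference a network security config; return the
    resource name used. An app that already ships one keeps its name so that
    the existing file (which may carry <pin-set>s) is the one rewritten."""
    path = os.path.join(decoded_dir, "AndroidManifest.xml")
    tree = ET.parse(path)
    app = tree.getroot().find("application")
    if app is None:
        raise ValueError("no <application> element in " + path)
    ref = app.get(NSC_ATTR)
    if ref is None:
        ref = "@xml/network_security_config"
        app.set(NSC_ATTR, ref)
    tree.write(path, encoding="utf-8", xml_declaration=True)
    return ref.split("/", 1)[1]


def write_trust_config(decoded_dir, name="network_security_config"):
    """Create or rewrite res/xml/<name>.xml so that every <trust-anchors>
    (base-config and each domain-config) accepts user CAs, and strip every
    <pin-set>: pins still reject the proxy certificate even when its CA is trusted."""
    xml_dir = os.path.join(decoded_dir, "res", "xml")
    os.makedirs(xml_dir, exist_ok=True)
    path = os.path.join(xml_dir, name + ".xml")
    if os.path.exists(path):
        root = ET.parse(path).getroot()
        for parent in list(root.iter()):
            for pin_set in parent.findall("pin-set"):
                parent.remove(pin_set)
    else:
        root = ET.Element("network-security-config")
    base = root.find("base-config")
    if base is None:
        base = ET.SubElement(root, "base-config")
    if base.find("trust-anchors") is None:  # fresh base-config: keep system CAs too
        ET.SubElement(ET.SubElement(base, "trust-anchors"), "certificates", src="system")
    for anchors in list(root.iter("trust-anchors")):
        if not any(c.get("src") == "user" for c in anchors.findall("certificates")):
            ET.SubElement(anchors, "certificates", src="user")
    ET.ElementTree(root).write(path, encoding="utf-8", xml_declaration=True)
    return path


def build_and_sign(decoded_dir, out_apk, keystore, key_alias,
                   apktool_jar="apktool.jar", zipalign="zipalign", apksigner="apksigner"):
    """Rebuild, zipalign, then sign with apksigner (v1+v2 signatures, which
    targetSdkVersion 30+ needs). Tool paths are assumptions: apktool.jar in the
    current directory, zipalign and apksigner on PATH, unless overridden."""
    unsigned, aligned = out_apk + ".unsigned", out_apk + ".aligned"
    subprocess.run(["java", "-jar", apktool_jar, "b", decoded_dir, "-o", unsigned], check=True)
    subprocess.run([zipalign, "-p", "-f", "4", unsigned, aligned], check=True)
    subprocess.run([apksigner, "sign", "--ks", keystore, "--ks-key-alias", key_alias,
                    "--out", out_apk, aligned], check=True)
    subprocess.run([apksigner, "verify", "--print-certs", out_apk], check=True)
    return out_apk


def demo_on_constructed_input():
    """Run the two patch steps on a constructed (fake) decoded app that already
    pins api.example.com; return what the rewritten config contains."""
    manifest = ('<?xml version="1.0" encoding="utf-8"?>\n'
                '<manifest xmlns:android="%s" package="com.example.pinned">\n'
                '  <application android:label="Pinned" '
                'android:networkSecurityConfig="@xml/net_sec"/>\n</manifest>\n' % ANDROID_NS)
    pinned = ('<network-security-config><domain-config>\n'
              '  <domain includeSubdomains="true">api.example.com</domain>\n'
              '  <trust-anchors><certificates src="system"/></trust-anchors>\n'
              '  <pin-set><pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin></pin-set>\n'
              '</domain-config></network-security-config>\n')  # made-up pin value
    decoded = tempfile.mkdtemp(prefix="decoded_")
    os.makedirs(os.path.join(decoded, "res", "xml"))
    with open(os.path.join(decoded, "AndroidManifest.xml"), "w") as f:
        f.write(manifest)
    with open(os.path.join(decoded, "res", "xml", "net_sec.xml"), "w") as f:
        f.write(pinned)
    name = patch_manifest(decoded)
    root = ET.parse(write_trust_config(decoded, name)).getroot()
    trusts_user = [any(c.get("src") == "user" for c in ta.findall("certificates"))
                   for ta in root.iter("trust-anchors")]
    return {"config_name": name, "pin_sets": len(list(root.iter("pin-set"))),
            "trust_anchor_blocks": len(trusts_user), "all_trust_user": all(trusts_user)}


if __name__ == "__main__":
    import sys  # usage: patch.py <decoded_dir> <out.apk> <keystore> <key_alias>
    decoded_dir, out_apk, keystore, alias = sys.argv[1:5]
    write_trust_config(decoded_dir, patch_manifest(decoded_dir))
    build_and_sign(decoded_dir, out_apk, keystore, alias)
```

For the pinned demo app the script keeps the app's own resource name (net_sec), removes its pin-set, adds a base-config with system and user anchors, and adds a user anchor to the existing domain-config, because a domain-config with its own trust-anchors overrides base-config for that host and would otherwise still reject the proxy. Code-level pinning is out of scope for this patch, as noted above.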
rlxone commented Apr 28, 2021

I wrote a python script to automate this process.
https://github.com/rlxone/android-https-patcher

unoexperto commented Apr 28, 2021

@rlxone Thank you, Dmitry!

txtsd commented Jun 9, 2021

Thanks for these instructions!

txtsd commented Jun 9, 2021

Ok so some patched apps do not install. Any way to debug why it happens?

unoexperto commented Jun 9, 2021

@txtsd I couldn't figure it out. It seemed like apktool can't properly repack newer builds. So in my research I ended up using old versions of apk files. Please comment here if you find the root cause of the issue. I'll update the document.

txtsd commented Jun 9, 2021

I had to use an older version of the apk too.
Maybe we can ask upstream?

rlxone commented Jun 9, 2021

Same happened for me in rare cases. Didn't find the solution, used older versions.
@txtsd
Are there any logs on why it can't install?
If you find the solution, I'll update my tool also.

Korayem commented Aug 9, 2021

> Same happened for me in rare cases. Didn't find the solution, used older versions.
> @txtsd
> Are there any logs on why it can't install?
> If you find the solution, I'll update my tool also.

Would this help? iBotPeaches/Apktool#1626 (comment)

unoexperto commented Aug 9, 2021

I'll copy-paste it just in case, but I haven't had a chance to test it. Have you tested it, @Korayem ?

> Seems to work with 2.4.2-d3f9d5-SNAPSHOT.
> 
> After rebuilding, `zipalign` it using this command: `zipalign -p -f 4 input.apk output.apk`
> Then sign it with `apksigner` and should work now.
