
shroudedcode / Apk Mitm

License: MIT
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection


Projects that are alternatives of or similar to Apk Mitm

Apklab
Android Reverse-Engineering Workbench for VS Code
Stars: ✭ 470 (-47.37%)
Mutual labels:  apktool, mitm, reverse-engineering
Apktool
A tool for reverse engineering Android apk files
Stars: ✭ 12,978 (+1353.3%)
Mutual labels:  apk, apktool, reverse-engineering
Hackdroid
Android Apps, Roms and Platforms for Pentesting
Stars: ✭ 310 (-65.29%)
Mutual labels:  apk, mitm
Apkshellext
Show app icons in windows explorer
Stars: ✭ 316 (-64.61%)
Mutual labels:  apk, apktool
Decompile Apk
🔥 Decompile APK (APK decompilation)
Stars: ✭ 464 (-48.04%)
Mutual labels:  apk, apktool
Wifi Pumpkin Deprecated
DEPRECATED, wifipumpkin3 -> https://github.com/P0cL4bs/wifipumpkin3
Stars: ✭ 2,964 (+231.91%)
Mutual labels:  mitm, man-in-the-middle
Wirespy
Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).
Stars: ✭ 293 (-67.19%)
Mutual labels:  mitm, man-in-the-middle
Obfuscapk
An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques
Stars: ✭ 456 (-48.94%)
Mutual labels:  apk, apktool
ApkDecompiler
[Linux] APK decompilation helper for Linux, packaged as ApkDecompiler.deb; supports Debian-based Linux distributions such as Debian, Ubuntu, Mint, Deepin, and so on
Stars: ✭ 34 (-96.19%)
Mutual labels:  apk, apktool
Dexcalibur
[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (-42.67%)
Mutual labels:  apk, reverse-engineering
Pokemon Go Mitm
🎁 Pokemon Go MITM Proxy - Intercepts the traffic between your Pokemon Go app and their servers, decodes the protocol and gives you a handy tool to enrich your own game experience on the fly.
Stars: ✭ 475 (-46.81%)
Mutual labels:  mitm, man-in-the-middle
Andromeda
Andromeda - Interactive Reverse Engineering Tool for Android Applications
Stars: ✭ 627 (-29.79%)
Mutual labels:  apk, reverse-engineering
Frick
frick - aka the first debugger built on top of frida
Stars: ✭ 267 (-70.1%)
Mutual labels:  cli, reverse-engineering
apk-decompiler
Small Rust utility to decompile Android apks
Stars: ✭ 48 (-94.62%)
Mutual labels:  apk, apktool
Mitmf
Framework for Man-In-The-Middle attacks
Stars: ✭ 3,277 (+266.97%)
Mutual labels:  mitm, man-in-the-middle
mitm-play
Man in the middle using Playwright
Stars: ✭ 13 (-98.54%)
Mutual labels:  mitm, man-in-the-middle
Reverseapk
Quickly analyze and reverse engineer Android packages
Stars: ✭ 419 (-53.08%)
Mutual labels:  apk, reverse-engineering
ESP-Bug
ESP8266 based WiFi implant to remotely track the presence of certain people or devices via a simple web interface
Stars: ✭ 78 (-91.27%)
Mutual labels:  mitm, man-in-the-middle
mps
MPS is a high-performance HTTP(S) proxy library that supports forward proxies, reverse proxies, man-in-the-middle proxies, tunnel proxies, Websocket proxies.
Stars: ✭ 64 (-92.83%)
Mutual labels:  mitm, man-in-the-middle
Uber Apk Signer
A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.
Stars: ✭ 677 (-24.19%)
Mutual labels:  apk, cli

apk-mitm

A CLI application that automatically prepares Android APK files for HTTPS inspection

Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.

apk-mitm automates the entire process. All you have to do is give it an APK file and apk-mitm will:

You can also use apk-mitm to patch apps that use Android App Bundle, and rooting your phone is not required.

Usage

If you have an up-to-date version of Node.js (10+) and Java (8+), you can run this command to patch an app:

$ npx apk-mitm <path-to-apk>

So, if your APK file is called example.apk, you'd run:

$ npx apk-mitm example.apk

  ✔ Decoding APK file
  ✔ Modifying app manifest
  ✔ Replacing network security config
  ✔ Disabling certificate pinning
  ✔ Encoding patched APK file
  ✔ Signing patched APK file

   Done!  Patched APK: ./example-patched.apk

You can now install the example-patched.apk file on your Android device and use a proxy like Charles or mitmproxy to look at the app's traffic.
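The Network Security Configuration mentioned above is a declarative XML file, so its trust decisions can be audited directly. The following is an added example, not part of apk-mitm or its README: a hypothetical `audit` function that reports whether a config trusts user-installed CAs and which domains carry pin-sets. The sample XML is constructed, the check assumes an app targeting API 24+ (where only system CAs are trusted by default), and it covers only the declarative config, not pinning implemented in code.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not taken from any real app); the pin is a placeholder.
STRICT = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system"/></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set>
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

PERMISSIVE = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </base-config>
</network-security-config>"""


def audit(xml_text):
    """Summarise the trust decisions in a network security config (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    report = {"user_ca_release": False, "user_ca_debug_only": False, "pinned_domains": []}
    # Visit base-config and every domain-config, including nested ones.
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue
        sources = [c.get("src") for c in cfg.findall("trust-anchors/certificates")]
        if "user" in sources:
            # A proxy CA installed by the device user is accepted in release builds.
            report["user_ca_release"] = True
        if cfg.find("pin-set/pin") is not None:
            report["pinned_domains"] += [(d.text or "").strip() for d in cfg.findall("domain")]
    # debug-overrides only takes effect when the app is built as debuggable.
    debug = [c.get("src") for c in root.findall("debug-overrides/trust-anchors/certificates")]
    report["user_ca_debug_only"] = "user" in debug and not report["user_ca_release"]
    return report


if __name__ == "__main__":
    for name, sample in (("strict", STRICT), ("permissive", PERMISSIVE)):
        print(name, audit(sample))
```

Run against the res/xml config of a decoded release build, a `user_ca_release` value of True means any CA the device user installs can intercept the app's TLS traffic.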

Patching App Bundles

You can also patch apps using Android App Bundle with apk-mitm by providing it with a *.xapk file (for example from APKPure) or a *.apks file (which you can export yourself using SAI).

Making manual changes

Sometimes you'll need to make manual changes to an app in order to get it to work. In these cases the --wait option is what you need. Enabling it will make apk-mitm wait before re-encoding the app, allowing you to make changes to the files in the temporary directory.

If you want to experiment with different changes to an APK, then using --wait is probably not the most convenient option as it forces you to start from scratch every time you use it. In this case you might want to take a look at APKLab. It's an Android reverse engineering workbench built on top of VS Code that comes with apk-mitm support and should allow you to iterate much more quickly.

Caveats

  • If the app uses Google Maps and the map is broken after patching, then the app's API key is probably restricted to the developer's certificate. You'll have to create your own API key without restrictions and run apk-mitm with the --wait option to be able to replace the com.google.android.geo.API_KEY value in the app's AndroidManifest.xml file.

  • If apk-mitm crashes while decoding or encoding, the issue is probably related to Apktool. Check their issues on GitHub to find possible workarounds. If you happen to find an Apktool version that's not affected by the issue, you can instruct apk-mitm to use it by specifying the path of its JAR file through the --apktool option.

Installation

The above example used npx to download and execute apk-mitm without local installation. If you do want to fully install it, you can do that by running:

$ npm install -g apk-mitm

Thanks

License

MIT © Niklas Higi
