MITM HTTPS traffic from android App.
Since Android 7 (Nougat), apps that target API level 24 or higher no longer trust user-installed CA certificates unless the app developer opts in through a network security config. Capturing an app's HTTPS traffic with an interception proxy therefore became harder. I wanted to see what happens inside an app, and I found a workable way to do it: decode the APK, add a network security config that trusts user certificates, rebuild the APK and re-sign it.
- Get the app's APK from some source and make sure it is the genuine one. I'm using an APK from ApkPure.
- Install Apktool on your PC.
- Decode the APK (the output goes into a directory named after the APK, here application/):
apktool d application.apk -f
- Create a new file at res/xml/network_security_config.xml inside the decoded directory and put the content below in it. The system entry keeps the normal CA bundle working; the user entry is what makes the app accept the proxy's CA once you install it on the device.
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
- Edit AndroidManifest.xml and add the android:networkSecurityConfig attribute to the application tag, like this:
<application … android:networkSecurityConfig="@xml/network_security_config">
If the manifest already carries an android:networkSecurityConfig attribute, the app ships its own config: edit that existing file instead of replacing it, and if it contains a <pin-set>, add overridePins="true" to the user certificates entry so the pins do not reject the proxy's certificate.
- Repack the APK:
apktool b application -f
The rebuilt, unsigned file is written to the dist directory, here application/dist/application.apk.
- Create a key to sign the new APK
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
- Self-sign the rebuilt APK with that key (SHA-1 is deprecated for signatures, so use SHA-256):
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore my-release-key.keystore application/dist/application.apk alias_name
Note that jarsigner only produces a v1 (JAR) signature. Android 11 and later reject APKs that target API level 30 or higher with a v1-only signature, so for recent apps run zipalign on the rebuilt APK and sign it with apksigner from the Android build tools, which produces v2/v3 signatures.
- Install the re-signed APK on your device (for example with adb install). If the original app is still installed, uninstall it first, since the signing key has changed.
- Install and start mitmproxy on your PC.
- Set the Wi-Fi proxy on your Android device to the IP address of the PC running mitmproxy and port 8080 (mitmproxy's default).
- Go to mitm.it in your Android web browser (it only resolves while your traffic passes through mitmproxy), then download and install the certificate. It is installed as a user CA certificate, which is exactly what the config added above trusts.
- Open the app you installed from the re-signed, proxy-able APK.
- Now you can see the app's traffic in mitmproxy on your PC. Apps that pin certificates in code (for example with OkHttp's CertificatePinner) will still refuse the connection; those need further patching of the app itself.
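The steps above can be automated. The script below is an added example for this post, not the author's own tooling: it patches an apktool-decoded app so it trusts user CAs, then rebuilds, aligns and signs it. It goes a bit beyond the manual steps: it keeps an existing network security config instead of overwriting it, adds the user anchor to every domain-config as well (their trust-anchors replace the base ones for those hosts), and sets overridePins="true" so a <pin-set> in the config does not reject the proxy's certificate. It assumes apktool, zipalign, apksigner and adb are on PATH, that the keystore and alias come from the keytool step, and that apksigner will prompt for the keystore password; the function and file names are this example's own.

```python
"""
Patch an apktool-decoded Android app so it trusts user-installed CA certs.

Added example for this post, not the author's own script.  It assumes
apktool, zipalign, apksigner and adb are on PATH when run as a script and
that the keystore was created with the keytool command from the post.  The
XML patching functions are pure and run offline.
"""
import os
import subprocess
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)
NSC_ATTR = "{%s}networkSecurityConfig" % ANDROID_NS
XML_DECL = '<?xml version="1.0" encoding="utf-8"?>\n'


def patch_manifest(manifest_xml, config_name="network_security_config"):
    """Point <application> at a network security config.

    Returns (new_manifest_xml, config_name).  If the app already references
    a config, its name is returned unchanged so that file gets edited
    instead of being replaced (it may carry domain rules the app needs).
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("AndroidManifest.xml has no <application> element")
    existing = app.get(NSC_ATTR, "")
    if existing.startswith("@xml/"):
        return ET.tostring(root, encoding="unicode"), existing[len("@xml/"):]
    app.set(NSC_ATTR, "@xml/" + config_name)
    return ET.tostring(root, encoding="unicode"), config_name


def _ensure_user_anchor(anchors):
    """Add (or upgrade) a user-CA entry; overridePins lets it bypass <pin-set>."""
    for cert in anchors.findall("certificates"):
        if cert.get("src") == "user":
            cert.set("overridePins", "true")
            return
    ET.SubElement(anchors, "certificates", src="user", overridePins="true")


def patch_network_security_config(config_xml=None):
    """Return config XML trusting user CAs; None means the app had no config.

    Existing <domain-config> blocks are kept: their <trust-anchors> replace
    the base ones for those hosts, so each of them gets the user anchor too.
    """
    root = ET.fromstring(config_xml) if config_xml else ET.Element("network-security-config")
    base = root.find("base-config")
    if base is None:
        base = ET.SubElement(root, "base-config")
    anchors = base.find("trust-anchors")
    if anchors is None:
        anchors = ET.SubElement(base, "trust-anchors")
        ET.SubElement(anchors, "certificates", src="system")
    _ensure_user_anchor(anchors)
    for domain_cfg in root.findall("domain-config"):
        for nested in domain_cfg.iter("trust-anchors"):  # covers nested domain-configs
            _ensure_user_anchor(nested)
    return ET.tostring(root, encoding="unicode")


def patch_decoded_app(app_dir):
    """Rewrite the manifest and config inside an apktool output directory."""
    manifest = os.path.join(app_dir, "AndroidManifest.xml")
    with open(manifest, encoding="utf-8") as f:
        new_manifest, name = patch_manifest(f.read())
    with open(manifest, "w", encoding="utf-8") as f:
        f.write(XML_DECL + new_manifest + "\n")
    cfg = os.path.join(app_dir, "res", "xml", name + ".xml")
    old = None
    if os.path.exists(cfg):
        with open(cfg, encoding="utf-8") as f:
            old = f.read()
    os.makedirs(os.path.dirname(cfg), exist_ok=True)
    with open(cfg, "w", encoding="utf-8") as f:
        f.write(XML_DECL + patch_network_security_config(old) + "\n")
    return cfg


def rebuild_and_sign(apk, keystore, alias):
    """Decode, patch, rebuild, zipalign and sign (v2/v3 via apksigner); returns the signed APK path."""
    app_dir = os.path.splitext(os.path.basename(apk))[0] + "_patched"
    rebuilt, aligned = app_dir + ".apk", app_dir + "-signed.apk"
    subprocess.run(["apktool", "d", "-f", "-o", app_dir, apk], check=True)
    patch_decoded_app(app_dir)
    subprocess.run(["apktool", "b", "-f", "-o", rebuilt, app_dir], check=True)
    subprocess.run(["zipalign", "-p", "-f", "4", rebuilt, aligned], check=True)  # align before signing
    subprocess.run(["apksigner", "sign", "--ks", keystore, "--ks-key-alias", alias, aligned], check=True)
    return aligned


if __name__ == "__main__":
    # usage: python patch_apk.py application.apk my-release-key.keystore alias_name
    signed = rebuild_and_sign(*sys.argv[1:4])
    subprocess.run(["adb", "install", "-r", signed], check=True)
```

The two XML functions are kept separate from the subprocess calls on purpose: they can be run against a decoded app directory by hand (patch_decoded_app) to inspect the result before rebuilding, and they are the part that actually changes the app's trust decisions, so they are the part worth checking.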