Artiya4u

MITM HTTPS traffic from an Android app

Since Android 9 Nougat, Android has prevented apps from trusting user-installed certificates unless the app developer explicitly opts in, so capturing HTTPS traffic from an app for analysis has become harder. I wanted to see what happens inside an app, and I found a nice solution to get the task done.

  • Get the app's APK from some source and make sure it is the genuine one. I'm using an APK from ApkPure.
  • Install Apktool on your PC.
  • Decode the APK: apktool d application.apk -f
  • Create a new file at res/xml/network_security_config.xml with the following content:
<network-security-config>
 <base-config>
   <trust-anchors>
     <certificates src="system" />
     <certificates src="user" />
   </trust-anchors>
 </base-config>
</network-security-config>
  • Edit AndroidManifest.xml and add the attribute android:networkSecurityConfig="@xml/network_security_config" to the application tag, like this: <application … android:networkSecurityConfig="@xml/network_security_config">
  • Repack the APK: apktool b -f. The output file will be in the dist directory.
  • Create a key to sign the new APK: keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
  • Self-sign the APK: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore application.apk alias_name
  • Install the APK on your device.
  • Install and start mitmproxy on your PC.
  • Set the Wi-Fi proxy on your Android device to mitmproxy's IP address and port 8080.
  • Go to mitm.it in your Android web browser, then download and install the certificate.
  • Open the app you installed from the new proxy-able APK.
  • Now you can see the app's traffic on your PC.
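As an added example (not part of the original post), here is a small Python audit script that checks a decoded APK's AndroidManifest.xml and network_security_config.xml for exactly the change described above, so an app developer or reviewer can confirm that a release build does not trust user-installed CAs. The XML samples are constructed inline: the weak config is the one from the steps above, and the strict config is an assumed hardened variant that only trusts user CAs under <debug-overrides>.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed samples: the manifest attribute and config from the steps above,
# plus a stricter config that only trusts user CAs in debuggable builds.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:networkSecurityConfig="@xml/network_security_config" />
</manifest>"""

WEAK_CONFIG = """<network-security-config>
  <base-config>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

STRICT_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""


def config_resource_name(manifest_xml):
    """Name of the XML resource referenced by android:networkSecurityConfig, or None."""
    app = ET.fromstring(manifest_xml).find("application")
    ref = app.get(ANDROID_NS + "networkSecurityConfig") if app is not None else None
    return ref[len("@xml/"):] if ref and ref.startswith("@xml/") else ref


def user_ca_trust_scopes(config_xml):
    """Config sections (base-config, domain-config, debug-overrides) whose
    trust anchors include user-installed certificates."""
    scopes = []
    for section in ET.fromstring(config_xml):
        if any(c.get("src") == "user" for c in section.iter("certificates")):
            scopes.append(section.tag)
    return scopes


def trusts_user_cas_in_release(config_xml):
    """True when user CAs are trusted outside <debug-overrides>, so a proxy CA
    installed on the device is honoured by release builds as well."""
    return any(s != "debug-overrides" for s in user_ca_trust_scopes(config_xml))
```

Run config_resource_name on the decoded manifest to locate the config file, then trusts_user_cas_in_release on that file; a True result in a release build is the condition that makes the proxying described above work.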