Make APK Accept CA Certificate

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Baadhi ya programu hazipendi vyeti vilivyopakuliwa na mtumiaji, hivyo ili kukagua trafiki ya wavuti kwa baadhi ya programu tunapaswa kweli ku-decompile programu hiyo na kuongeza mambo machache na kuirekebisha tena.

Automatic

Zana https://github.com/shroudedcode/apk-mitm itafanya mabadiliko muhimu kwenye programu ili kuanza kukamata maombi na pia itazima certificate pinning (ikiwa ipo).

Manual

Kwanza tunadecompile programu: apktool d *file-name*.apk

Kisha tunaenda kwenye faili Manifest.xml na kuporomoka chini hadi kwenye tag <\application android> na tunaenda kuongeza mstari ufuatao ikiwa haupo tayari:

android:networkSecurityConfig="@xml/network_security_config"

Kabla ya kuongeza:

Baada ya kuongeza:

Sasa ingia kwenye folda res/xml na uunde/badilisha faili lililo na jina network_security_config.xml lenye maudhui yafuatayo:

<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>

Kisha hifadhi faili na kutoka kwenye saraka zote na ujenge tena apk kwa amri ifuatayo: apktool b *folder-name/* -o *output-file.apk*

Hatimaye, unahitaji tu kusaini programu mpya. Soma sehemu hii ya ukurasa Smali - Decompiling/[Modifying]/Compiling kujifunza jinsi ya kuisaini.

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki hila za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud github repos.

PreviousIntent Injection NextManual DeObfuscation

Last updated 5 days ago