- Download apktool from https://ibotpeaches.github.io/Apktool/
- Unpack apk file:
java -jar apktool.jar d app.apk - Modify
AndroidManifest.xmlby addingandroid:networkSecurityConfig="@xml/network_security_config"attribute to application element. - Create file
/res/xml/network_security_config.xmlwith following content:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
- Build patched apk:
java -jar apktool.jar b app -o app_patched.apk - Generate keys to sign apk:
keytool -genkey -alias keys -keystore keys - Sign apk file:
jarsigner -verbose -keystore keys app_patched.apk keys - If necessary convert apk to jar for further analysis:
d2j-dex2jar.sh app.apk
Source: https://stackoverflow.com/questions/52862256/charles-proxy-for-mobile-apps-that-use-ssl-pinning
- Android:
JustTrustMe (based on Xposed)
Android-SSL-TrustKiller (Cydia Substrate)
- iOS:
SSL Kill Switch 2 (based on Cydia)
Hey there! On the first command, you switched the position of the tool and the argument, It should be
java -jar apktool.jar d app.apkinstead ofjava -jar d apktool.jar app.apk.