The script bypasses SSL pinning on Android >= 7 and makes the APK file ready for HTTPS traffic inspection
A python script (previously bash) that prepares Android APK (or AAB, XAPK) for HTTPS traffic inspection.
The script bypasses SSL pinning on Android >= 7 by rebuilding the APK file and making the user credential storage trusted. After processing, the output APK file is ready for HTTPS traffic inspection.
If an AAB file is provided, the script creates a universal APK and processes it. If an XAPK file is provided, the script unzips it and processes every APK file.
Works on macOS, Linux and Windows.
[NEEDS TESTING] Performance on Windows will probably be a few times (~3.5) lower than on macOS / Linux (apktool takes longer to decode the APK).
It:
java);
bundletool (if AAB file provided) or unzips the XAPK file (in case of XAPK);
apktool;
network_security_config.xml to make user credential storage as trusted;
apktool;
uber-apk-signer.
Optionally the script allows to:
adb;
Root access is not required.
Install the tools from the list below:
adb to the PATH environment variable)
The tools below will be downloaded by the script if they are missing:
Preconditions:
pip3 install -r requirements.txt to install the required python modules
The script can be launched like python3 /path/to/the/script/apk-rebuild.py
Execute python3 apk-rebuild.py -h (or python3 apk-rebuild.py --help) to print the usage manual.
    usage: apk-rebuild.py [-h] [-v] [-i] [--pause] [-p] [-r] [-o OUTPUT] [--no-src] [--only-main-classes] [--ks KS]
                          [--ks-pass KS_PASS] [--ks-alias KS_ALIAS] [--ks-alias-pass KS_ALIAS_PASS]
                          file

    The script allows to bypass SSL pinning on Android >= 7 via rebuilding the APK file
    and making the user credential storage trusted. After processing the output APK file
    is ready for HTTPS traffic inspection.

    positional arguments:
      file                  path to .apk, .aab or .xapk file for rebuilding

    options:
      -h, --help            show this help message and exit
      -v, --version         show program's version number and exit
      -i, --install         install the rebuilded .apk file(s) via adb
      --pause               pause the script execution before the building the output .apk
      -p, --preserve        preserve the unpacked content of the .apk file(s)
      -r, --remove          remove the source file (.apk, .aab or .xapk) after the rebuilding
      -o OUTPUT, --output OUTPUT
                            output .apk file name or output directory path (for .xapk source file)
      --no-src              use --no-src option when decompiling via apktool
      --only-main-classes   use --only-main-classes option when decompiling via apktool
      --ks KS               use custom .keystore file for .aab decoding and .apk signing
      --ks-pass KS_PASS     password of the custom keystore
      --ks-alias KS_ALIAS   key (alias) in the custom keystore
      --ks-alias-pass KS_ALIAS_PASS
                            password for key (alias) in the custom keystore
To rebuild the APK file, run the script with argument(s). Examples are below:
Patch the AAB file and do not delete the unpacked APK file content:
    python3 apk-rebuild.py input.aab --preserve
Patch the APK file, remove the source APK file after patching and install the patched APK file on the Android device:
    python3 apk-rebuild.py input.apk -r -i
The path to the source file must be specified as the first argument.
<debug-overrides> element to the network_security_config.xml (and add the android:networkSecurityConfig property to the application element in the AndroidManifest.xml of course): https://developer.android.com/training/articles/security-config#debug-overrides.
For bug reports, feature requests or discussing an idea, open an issue here.
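An added example, not code from the apk-rebuild project: it audits a decoded network_security_config.xml and reports whether user-installed CAs are trusted in scopes that apply to release builds (base-config, domain-config) or only under <debug-overrides>, which Android applies only when the app is debuggable. The function names, report keys and sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from any real app.
SAMPLE_CONFIG = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.test</domain>
        <pin-set>
            <pin digest="SHA-256">CONSTRUCTED_PLACEHOLDER_PIN=</pin>
        </pin-set>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
"""

def _trusts_user(section):
    """True if the section's own <trust-anchors> lists the user CA store."""
    return any(c.get("src") == "user"
               for c in section.findall("./trust-anchors/certificates"))

def audit_config(config_xml):
    """Report where user-installed CAs are trusted and which domains are pinned."""
    root = ET.fromstring(config_xml)
    report = {"release_scopes": [], "debug_only": False, "pinned_domains": []}
    for section in root.iter():
        domains = [d.text.strip() for d in section.findall("./domain") if d.text]
        if section.tag == "base-config" and _trusts_user(section):
            report["release_scopes"].append("base-config")
        elif section.tag == "domain-config":
            if _trusts_user(section):
                report["release_scopes"].append("domain-config:" + ",".join(domains))
            if section.find("./pin-set") is not None:
                report["pinned_domains"].extend(domains)
        elif section.tag == "debug-overrides":
            report["debug_only"] = _trusts_user(section)
    return report
```

An empty release_scopes list with debug_only set means a release build of the app does not trust the user credential storage, which is the state the Android documentation linked above recommends for developers.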
Many thanks to: