Easy way to bypass SSL Pinning using apk-mitm tool

There are many ways to bypass SSL pinning, such as hooking the pinning checks at runtime with Frida. That route requires installing Frida first, and to use Frida fully the device must be rooted.

Another easy way is to patch the SSL/TLS pinning logic in the APK itself, so nothing beyond the modified app has to run on the device.

Done by hand, bypassing SSL pinning takes several steps. For example:

  1. Decode the APK with apktool.

  2. Allow user-installed certificates in the app's network security configuration (apps targeting Android 7 and later ignore user CAs such as Burp's by default).

  3. Modify the decoded code to disable SSL/TLS (certificate) pinning.

  4. Rebuild the APK with apktool.

  5. Finally, sign the rebuilt APK with apksigner; Android refuses to install an unsigned APK.
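The five manual steps above as one script. This is an added example, not code from the original post or from the apk-mitm project; it assumes apktool, apksigner and keytool are on PATH, and the KEYSTORE/KEYSTORE_PASS defaults and function names are hypothetical choices made for this example. The smali patch it applies for step 3 stubs out the void check*() methods of OkHttp3's CertificatePinner only; apps that pin through a custom TrustManager, native code or a non-Java framework need their own patch.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or apk-mitm): manual
# decode / allow user CAs / disable pinning / rebuild / sign.
# Assumes apktool, apksigner and keytool on PATH. KEYSTORE, KEYSTORE_PASS
# and all function names are hypothetical choices for this example.

KEYSTORE="${KEYSTORE:-$HOME/mitm.keystore}"
KEYSTORE_PASS="${KEYSTORE_PASS:-changeit}"

# Step 2: a Network Security Config that trusts user-installed CAs (Burp's)
# as well as the system store. Apps targeting API 24+ ignore user CAs by default.
write_nsc_xml() {                       # $1 = directory produced by "apktool d"
    mkdir -p "$1/res/xml"
    cat > "$1/res/xml/network_security_config.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
EOF
}

# Point <application> at that config, dropping any existing
# android:networkSecurityConfig (which may carry declarative <pin-set> pins).
patch_manifest() {                      # $1 = decoded directory
    local m="$1/AndroidManifest.xml"
    sed -E -e 's# android:networkSecurityConfig="[^"]*"##' \
        -e 's#<application([[:space:]>]|$)#<application android:networkSecurityConfig="@xml/network_security_config"\1#' \
        "$m" > "$m.tmp" && mv "$m.tmp" "$m"
}

# Step 3: replace the body of every void check*() method in a smali file with
# return-void so OkHttp3's CertificatePinner never throws on a pin mismatch.
stub_void_check_methods() {             # $1 = smali file
    awk '
        /^\.method .*check.*[)]V$/ { print; print "    .locals 0"; print "    return-void"; skip = 1; next }
        skip && /^\.end method/    { skip = 0 }
        !skip                      { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
disable_okhttp_pinner() {               # $1 = decoded directory
    for f in "$1"/smali*/okhttp3/CertificatePinner.smali; do
        if [ -f "$f" ]; then stub_void_check_methods "$f"; fi
    done
}

# Step 5 needs a signing key; generate a throwaway one if none exists.
ensure_keystore() {
    [ -f "$KEYSTORE" ] && return 0
    keytool -genkeypair -keystore "$KEYSTORE" -storepass "$KEYSTORE_PASS" \
        -keypass "$KEYSTORE_PASS" -alias mitm -keyalg RSA -keysize 2048 \
        -validity 3650 -dname "CN=apk-mitm-manual"
}

main() {                                # $1 = input apk, $2 = output apk (optional)
    local apk="$1" out="${2:-${1%.apk}-patched.apk}" t work
    for t in apktool apksigner keytool; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
    done
    work="$(mktemp -d)"
    apktool d -f "$apk" -o "$work/app"                 # step 1: decode
    write_nsc_xml "$work/app"                          # step 2
    patch_manifest "$work/app"                         # step 2
    disable_okhttp_pinner "$work/app"                  # step 3
    apktool b "$work/app" -o "$work/unsigned.apk"      # step 4: rebuild
    ensure_keystore
    apksigner sign --ks "$KEYSTORE" --ks-pass "pass:$KEYSTORE_PASS" \
        --out "$out" "$work/unsigned.apk"              # step 5: sign
    echo "patched APK: $out"
}
if [ $# -gt 0 ]; then main "$@"; fi    # e.g. bash patch-apk.sh injuredAndroid.apk
```

The manifest and smali edits are plain sed/awk rewrites on the apktool output, so you can inspect the decoded directory before rebuilding; if the app has no okhttp3/CertificatePinner.smali, the script still fixes the network security config, which is enough for apps that rely only on the platform trust store.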

apk-mitm is a tool that automates this whole process.

Installation

npm install -g apk-mitm

In this scenario we will patch injuredAndroid.apk. The only thing you need to do is run the tool against the APK you want to bypass.

Usage:
apk-mitm .\injuredAndroid.apk

It performs all the steps automatically and writes a patched APK next to the original (injuredAndroid-patched.apk). Install that APK on your emulator and intercept its traffic with Burp. Two things to keep in mind: the patched APK is signed with a different key, so uninstall the original app first or the install fails with a signature mismatch; and the emulator still needs Burp's CA installed in its user certificate store, because the patch only makes the app trust user CAs, it does not add any.
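Deploying the patched APK and pointing the emulator at Burp, as an added example that is not part of the original post or of apk-mitm. It assumes adb and aapt are on PATH, Burp listens on the host at port 8080, and the function names are hypothetical choices for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or apk-mitm): install the patched
# APK on an emulator and route its HTTP(S) traffic through Burp on the host.
# Assumes adb and aapt on PATH; function names are hypothetical.

# Pull the package name out of "aapt dump badging" output (read from stdin).
badging_to_package() {
    sed -n -E "s/^package: name='([^']+)'.*/\1/p"
}
package_name() {                        # $1 = apk path
    aapt dump badging "$1" | badging_to_package
}

# Burp exports its CA as DER; the Settings certificate installer accepts it
# once it carries a .crt extension. Installing it (Settings > Security >
# Install a certificate; exact path varies by Android version) is a manual step.
push_burp_ca() {                        # $1 = DER file exported from Burp
    adb push "$1" /sdcard/Download/burp-ca.crt
}

# The patched APK is signed with a different key than the original, so
# installing over an existing copy fails with INSTALL_FAILED_UPDATE_INCOMPATIBLE.
# Uninstall the original package first.
reinstall_patched() {                   # $1 = patched apk
    local pkg
    pkg="$(package_name "$1")"
    [ -n "$pkg" ] || { echo "could not read package name from $1" >&2; return 1; }
    adb uninstall "$pkg" >/dev/null 2>&1 || true   # fine if it was never installed
    adb install "$1"
}

# 10.0.2.2 is the emulator's alias for the host loopback, where Burp listens.
# The global http_proxy setting is honoured by the platform HTTP stack
# (HttpURLConnection, and OkHttp through the default ProxySelector).
set_emulator_proxy() {                  # $1 = host:port, default host-side Burp
    adb shell settings put global http_proxy "${1:-10.0.2.2:8080}"
}
clear_emulator_proxy() {                # ":0" clears the setting
    adb shell settings put global http_proxy :0
}

# e.g. bash deploy.sh injuredAndroid-patched.apk
if [ $# -gt 0 ]; then reinstall_patched "$1" && set_emulator_proxy; fi
```

Run clear_emulator_proxy when you are done, otherwise every app on the emulator keeps failing to connect once Burp is closed.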

I tested it on InjuredAndroid and AndroGoat and it worked perfectly on both.

Resources

https://www.npmjs.com/package/apk-mitm

https://github.com/B3nac/InjuredAndroid

https://github.com/satishpatnayak/AndroGoat
