apktool b app-release -o modified-app.apk Now we need to rebuild the APK and sign it. Also we need to modify the AndroidManifest.xml as already described. Next we need to add our ‘network_security_config.xml’ inside ‘res/xml’. The option ‘ -s’ prevent any disassembly of the dex files which we don’t need to modify. With the apktool in place just enter the following command apktool d app-release.apk -s So let’s build a release version of the original sample app without any network-configuration and modify it, with the help of apktool. It’s time to use our knowledge to modify any app out in the world in a way to allow us capturing the network traffic with Burp Suite. Furthermore Burp Suite can now intercept each request and we are able to modify it. It works so we know how to modify an application to trust our installed certificate. To apply the configuration we need to update the ‘ AndroidManifest.xml’ by adding the following to application. This config tells Android, that the application not only trust system certificates but also user installed certificates. Even after installing it on the device it’s not getting applied inside the app per default.įor that reason we need to create a ‘ network_security_config.xml’ inside ‘ res/xml’. Because Burp Suite needs to repackage the request and sign it with a custom certificate Android does not trust the request anymore. ![]() It seems Android does not really like it, that Burp Suite is trying to get the request.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |