hacktricks/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inayotangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

<figure><img src="/.gitbook/assets/image (675).png" alt=""><figcaption></figcaption></figure>

Pata udhaifu unaowajali zaidi ili uweze kuzirekebisha haraka. Intruder inafuatilia eneo lako la shambulio, inafanya uchunguzi wa vitisho wa kujitokeza, inapata masuala katika mfumo wako mzima wa teknolojia, kutoka kwa APIs hadi programu za wavuti na mifumo ya wingu. [**Jaribu bure**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) leo.

{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}

***

Baadhi ya programu hazipendi vyeti vilivyopakuliwa na mtumiaji, kwa hivyo ili kuchunguza trafiki ya wavuti kwa baadhi ya programu, tunapaswa kwanza kuidondoa na kuongeza vitu kadhaa na kuirudisha.

# Kiotomatiki

Zana [**https://github.com/shroudedcode/apk-mitm**](https://github.com/shroudedcode/apk-mitm) itafanya mabadiliko muhimu kiotomatiki kwenye programu ili kuanza kukamata maombi na pia kuzima uthibitishaji wa cheti (ikiwa upo).

# Kwa Mkono

Kwanza tunaidondoa programu: `apktool d *jina-la-faili*.apk`

![](../../.gitbook/assets/img9.png)

Kisha tunakwenda kwenye faili ya **Manifest.xml** na kusonga chini hadi lebo ya `<\application android>` na tutaweka mstari ufuatao ikiwa bado haupo:

`android:networkSecurityConfig="@xml/network_security_config`

Kabla ya kuongeza:

![](../../.gitbook/assets/img10.png)

Baada ya kuongeza:

![](../../.gitbook/assets/img11.png)

Sasa nenda kwenye saraka ya **res/xml** na umbua/boresha faili iliyoitwa network\_security\_config.xml na yaliyomo yafuatayo:
```markup
<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
```
Kisha hifadhi faili na rudi nyuma kutoka kwenye miongozo yote na jenga apk upya kwa kutumia amri ifuatayo: `apktool b *jina-la-folda/* -o *jina-la-faili-ya-huduma.apk*`

![](../../.gitbook/assets/img12.png)

Hatimaye, unahitaji tu **kusaini programu mpya**. [Soma sehemu hii ya ukurasa wa Smali - Kudecompile/\[Kubadilisha\]/Kukusanya ili kujifunza jinsi ya kuisaini](smali-changes.md#saini-apk-mpya).

<figure><img src="/.gitbook/assets/image (675).png" alt=""><figcaption></figcaption></figure>

Tafuta udhaifu unaofaa zaidi ili uweze kuzirekebisha haraka. Intruder inafuatilia eneo lako la shambulio, inatekeleza uchunguzi wa vitisho wa kujitokeza, inapata masuala katika mfumo wako wa teknolojia mzima, kutoka kwa API hadi programu za wavuti na mifumo ya wingu. [**Jaribu bure**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) leo.

{% embed url="https://www.intruder.io/?utm\_campaign=hacktricks&utm\_source=referral" %}


<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**swag rasmi wa PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako inayotangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi ya PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

intruder 2023-09-02 23:51:32 +00:00			`<figure><img src="/.gitbook/assets/image (675).png" alt=""><figcaption></figcaption></figure>`
intruder 2023-09-02 23:48:41 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Pata udhaifu unaowajali zaidi ili uweze kuzirekebisha haraka. Intruder inafuatilia eneo lako la shambulio, inafanya uchunguzi wa vitisho wa kujitokeza, inapata masuala katika mfumo wako mzima wa teknolojia, kutoka kwa APIs hadi programu za wavuti na mifumo ya wingu. [Jaribu bure](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) leo.`
intruder 2023-09-02 23:48:41 +00:00
			`{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}`

			`***`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Baadhi ya programu hazipendi vyeti vilivyopakuliwa na mtumiaji, kwa hivyo ili kuchunguza trafiki ya wavuti kwa baadhi ya programu, tunapaswa kwanza kuidondoa na kuongeza vitu kadhaa na kuirudisha.`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`# Kiotomatiki`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Zana [https://github.com/shroudedcode/apk-mitm](https://github.com/shroudedcode/apk-mitm) itafanya mabadiliko muhimu kiotomatiki kwenye programu ili kuanza kukamata maombi na pia kuzima uthibitishaji wa cheti (ikiwa upo).`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`# Kwa Mkono`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			Kwanza tunaidondoa programu: `apktool d jina-la-faili.apk`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img9.png)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			Kisha tunakwenda kwenye faili ya Manifest.xml na kusonga chini hadi lebo ya `<\application android>` na tutaweka mstari ufuatao ikiwa bado haupo:
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`android:networkSecurityConfig="@xml/network_security_config`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kabla ya kuongeza:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img10.png)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Baada ya kuongeza:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img11.png)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Sasa nenda kwenye saraka ya res/xml na umbua/boresha faili iliyoitwa network\_security\_config.xml na yaliyomo yafuatayo:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00			```markup
Translated to Swahili 2024-02-11 02:13:58 +00:00			`<network-security-config>`
			`<base-config>`
			`<trust-anchors>`
			`<!-- Trust preinstalled CAs -->`
			`<certificates src="system" />`
			`<!-- Additionally trust user added CAs -->`
			`<certificates src="user" />`
			`</trust-anchors>`
			`</base-config>`
			`</network-security-config>`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00			```
Translated to Swahili 2024-02-11 02:13:58 +00:00			Kisha hifadhi faili na rudi nyuma kutoka kwenye miongozo yote na jenga apk upya kwa kutumia amri ifuatayo: `apktool b jina-la-folda/ -o jina-la-faili-ya-huduma.apk`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img12.png)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Hatimaye, unahitaji tu kusaini programu mpya. [Soma sehemu hii ya ukurasa wa Smali - Kudecompile/\[Kubadilisha\]/Kukusanya ili kujifunza jinsi ya kuisaini](smali-changes.md#saini-apk-mpya).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
intruder 2023-09-02 23:51:32 +00:00			`<figure><img src="/.gitbook/assets/image (675).png" alt=""><figcaption></figcaption></figure>`
intruder 2023-09-02 23:48:41 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Tafuta udhaifu unaofaa zaidi ili uweze kuzirekebisha haraka. Intruder inafuatilia eneo lako la shambulio, inatekeleza uchunguzi wa vitisho wa kujitokeza, inapata masuala katika mfumo wako wa teknolojia mzima, kutoka kwa API hadi programu za wavuti na mifumo ya wingu. [Jaribu bure](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) leo.`
intruder 2023-09-02 23:48:41 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`{% embed url="https://www.intruder.io/?utm\_campaign=hacktricks&utm\_source=referral" %}`
intruder 2023-09-02 23:48:41 +00:00
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`* Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia [MPANGO WA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [swag rasmi wa PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Gundua [The PEASS Family](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) za kipekee`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au [kikundi cha telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`