hacktricks/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md

<details>

<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

**Kikundi cha Usalama cha Kujitahidi Kufanikiwa**

<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

***

Baadhi ya programu hazipendi vyeti vilivyopakuliwa na mtumiaji, hivyo ili kuchunguza trafiki ya wavuti kwa baadhi ya programu tunapaswa kuchambua tena programu na kuongeza vitu kadhaa na kuirudisha.

# Kiotomatiki

Zana [**https://github.com/shroudedcode/apk-mitm**](https://github.com/shroudedcode/apk-mitm) itafanya **kiotomatiki** mabadiliko muhimu kwenye programu ili kuanza kukamata maombi na pia kulemaza certificate pinning (ikiwa ipo).

# Kwa Mkono

Kwanza tunachambua programu: `apktool d *jina-la-faili*.apk`

![](../../.gitbook/assets/img9.png)

Kisha tunakwenda kwenye faili ya **Manifest.xml** & tunasonga chini hadi lebo ya `<\application android>` na tutaweka mstari ufuatao ikiwa haupo tayari:

`android:networkSecurityConfig="@xml/network_security_config`

Kabla ya kuongeza:

![](../../.gitbook/assets/img10.png)

Baada ya kuongeza:

![](../../.gitbook/assets/img11.png)

Sasa nenda kwenye saraka ya **res/xml** & unda/boresha faili iitwayo network\_security\_config.xml na yaliyomo yafuatayo:
```markup
<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
```
Kisha hifadhi faili & rudi nyuma kutoka kwenye mafaili yote na jenga upya apk kwa kutumia amri ifuatayo: `apktool b *jina-la-folda/* -o *faili-la-matokeo.apk*`

![](../../.gitbook/assets/img12.png)

Mwishowe, unahitaji tu **kusaini programu mpya**. [Soma sehemu hii ya ukurasa wa Smali - Kudecompile/\[Kubadilisha\]/Kukusanya ili kujifunza jinsi ya kuaisaini](smali-changes.md#sing-the-new-apk).

<details>

**Kikundi cha Usalama cha Try Hard**

<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Kikundi cha Usalama cha Kujitahidi Kufanikiwa`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

			`***`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`Baadhi ya programu hazipendi vyeti vilivyopakuliwa na mtumiaji, hivyo ili kuchunguza trafiki ya wavuti kwa baadhi ya programu tunapaswa kuchambua tena programu na kuongeza vitu kadhaa na kuirudisha.`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`# Kiotomatiki`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Zana [https://github.com/shroudedcode/apk-mitm](https://github.com/shroudedcode/apk-mitm) itafanya kiotomatiki mabadiliko muhimu kwenye programu ili kuanza kukamata maombi na pia kulemaza certificate pinning (ikiwa ipo).`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`# Kwa Mkono`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			Kwanza tunachambua programu: `apktool d jina-la-faili.apk`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img9.png)`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			Kisha tunakwenda kwenye faili ya Manifest.xml & tunasonga chini hadi lebo ya `<\application android>` na tutaweka mstari ufuatao ikiwa haupo tayari:
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`android:networkSecurityConfig="@xml/network_security_config`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Kabla ya kuongeza:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img10.png)`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`Baada ya kuongeza:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img11.png)`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Sasa nenda kwenye saraka ya res/xml & unda/boresha faili iitwayo network\_security\_config.xml na yaliyomo yafuatayo:`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00			```markup
Translated to Swahili 2024-02-11 02:13:58 +00:00			`<network-security-config>`
			`<base-config>`
			`<trust-anchors>`
			`<!-- Trust preinstalled CAs -->`
			`<certificates src="system" />`
			`<!-- Additionally trust user added CAs -->`
			`<certificates src="user" />`
			`</trust-anchors>`
			`</base-config>`
			`</network-security-config>`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			Kisha hifadhi faili & rudi nyuma kutoka kwenye mafaili yote na jenga upya apk kwa kutumia amri ifuatayo: `apktool b jina-la-folda/ -o faili-la-matokeo.apk`
GitBook: [master] 3 pages and 4 assets modified 2020-08-07 08:50:39 +00:00
			`![](../../.gitbook/assets/img12.png)`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Mwishowe, unahitaji tu kusaini programu mpya. [Soma sehemu hii ya ukurasa wa Smali - Kudecompile/\[Kubadilisha\]/Kukusanya ili kujifunza jinsi ya kuaisaini](smali-changes.md#sing-the-new-apk).`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Kikundi cha Usalama cha Try Hard`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`Njia nyingine za kusaidia HackTricks:`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`