mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-14 00:47:24 +00:00
GitBook: [master] 3 pages and 4 assets modified
parent
cb1c3ad7df
commit
a0ee304efb
7 changed files with 50 additions and 1 deletions
BIN
.gitbook/assets/img10.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 86 KiB |
BIN
.gitbook/assets/img11.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 88 KiB |
BIN
.gitbook/assets/img12.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
BIN
.gitbook/assets/img9.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 48 KiB |
|
@ -104,6 +104,7 @@
|
|||
* [Frida Tutorial 3](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md)
|
||||
* [Objection Tutorial](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md)
|
||||
* [Google CTF 2018 - Shall We Play a Game?](mobile-apps-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md)
|
||||
* [Make APK Accept CA Certificate](mobile-apps-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md)
|
||||
* [Manual DeObfuscation](mobile-apps-pentesting/android-app-pentesting/manual-deobfuscation.md)
|
||||
* [Reversing Native Libraries](mobile-apps-pentesting/android-app-pentesting/reversing-native-libraries.md)
|
||||
* [Smali - Decompiling/\[Modifying\]/Compiling](mobile-apps-pentesting/android-app-pentesting/smali-changes.md)
|
||||
|
|
|
@ -447,7 +447,8 @@ It's recommended to **apply SSL Pinning** for the sites where sensitive informat
|
|||
### Inspecting HTTP traffic
|
||||
|
||||
First of all, you should \(must\) **install the certificate** of the **proxy** tool that you are going to use, probably Burp. If you don't install the CA certificate of the proxy tool, you probably aren't going to see the encrypted traffic in the proxy.
|
||||
**Please,** [**read this guide to learn how to do install a custom CA certificate**](android-burp-suite-settings.md)**.**
|
||||
**Please,** [**read this guide to learn how to do install a custom CA certificate**](android-burp-suite-settings.md)**.
|
||||
If installing a custom CA certificate isn't enough to capture the requests of the application you will need to sligtly modify the application,** [**read this page about how to make an APK accept custom certificates**](make-apk-accept-ca-certificate.md)**.**
|
||||
|
||||
#### SSL Pinning
|
||||
|
||||
|
|
|
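Review bot: The bold markup is unbalanced in the two lines that replace the single guide-link line: the first one now ends with `**.` instead of `**.**`, so the bold run stays open and swallows the whole "If installing a custom CA certificate isn't enough ..." sentence until the `**` in front of the second link. Close the first sentence with `**.**` as the old line did and start the second sentence as plain text, leaving only the link itself bold. While touching these lines, fix "sligtly" to "slightly" and "how to do install" to "how to install".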
@ -0,0 +1,47 @@
|
|||
# Make APK Accept CA Certificate
|
||||
|
||||
Some applications don't like user downloaded certificates, so in order to inspect web traffic for some apps we actually have to decompile the application & add a few things & recompile it.
|
||||
|
||||
## Automatic
|
||||
|
||||
The tool [**https://github.com/shroudedcode/apk-mitm**](https://github.com/shroudedcode/apk-mitm) will **automatically** make the necessary changes to the application to start capturing the requests and will also disable certificate pinning \(if any\).
|
||||
|
||||
## Manual
|
||||
|
||||
First we decompile the app: `apktool d *file-name*.apk`
|
||||
|
||||
![](../../.gitbook/assets/img9.png)
|
||||
|
||||
Then we go into the **Manifest.xml** file & scroll down to the `<\application android>` tag & we are going to add the following line if it isn't already there:
|
||||
|
||||
`android:networkSecurityConfig="@xml/network_security_config`
|
||||
|
||||
Before adding:
|
||||
|
||||
![](../../.gitbook/assets/img10.png)
|
||||
|
||||
After adding:
|
||||
|
||||
![](../../.gitbook/assets/img11.png)
|
||||
|
||||
Now go into the **res/xml** folder & create/modify a file named network\_security\_config.xml with the following contents:
|
||||
|
||||
```markup
|
||||
<network-security-config>
|
||||
<base-config>
|
||||
<trust-anchors>
|
||||
<!-- Trust preinstalled CAs -->
|
||||
<certificates src="system" />
|
||||
<!-- Additionally trust user added CAs -->
|
||||
<certificates src="user" />
|
||||
</trust-anchors>
|
||||
</base-config>
|
||||
</network-security-config>
|
||||
```
|
||||
|
||||
Then save the file & back out of all the directories & rebuild the apk with the following command: `apktool b *folder-name/* -o *output-file.apk*`
|
||||
|
||||
![](../../.gitbook/assets/img12.png)
|
||||
|
||||
Finally, you need just to **sign the new application**. [Read this section of the page Smali - Decompiling/\[Modifying\]/Compiling to learn how to sign it](smali-changes.md#sing-the-new-apk).
|
||||
|
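Review bot: The manifest attribute shown in the Manual section, `android:networkSecurityConfig="@xml/network_security_config`, is missing its closing double quote, so a reader who pastes it as written ends up with a malformed manifest; add the trailing `"`. In the sentence just above it, the file apktool writes is AndroidManifest.xml rather than "Manifest.xml", and `<\application android>` should read as the `<application ...>` element, since the backslash and the bare "android" are not part of the tag. It is also worth one sentence noting that the network security config is only honoured from Android 7.0 (API level 24) onwards, so readers know when this change has an effect. Finally, check that the target of the last link, `smali-changes.md#sing-the-new-apk`, matches the heading anchor in smali-changes.md, because "sing" looks like a typo for "sign" and a mismatch would leave the link pointing at the top of the page.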