A python script (previously
bash) that prepares Android APK (or AAB, XAPK) for HTTPS traffic inspection.
The script allows to bypass SSL pinning on Android >= 7 via rebuilding the APK file and making the user credential storage trusted. After processing the output APK file is ready for HTTPS traffic inspection.
If an AAB file provided the script creates a universal APK and processes it. If a XAPK file provided the script unzips it and processes every APK file.
Works on macOS, Linux and Windows.
[NEEDS TESTING] The performance on the Windows probably will be a few times (~3.5) lower than in macOS / Linux (
apktool takes longer time to decode the APK).
bundletool(if AAB file provided) or unzips the XAPK file (in case of XAPK);
network_security_config.xmlto make user credential storage as trusted;
Optionally the script allow to:
Root access is not required.
Install the tools from the list below:
adbto the PATH environment variable)
The tools below will be downloaded by the script in case it's missing:
pip3 install -r requirements.txtto install the required python modules
The script can be launched like
python3 apk-rebuild.py -h (or
python3 apk-rebuild.py --help) to print the usage manual.
usage: apk-rebuild.py [-h] [-v] [-i] [--pause] [-p] [-r] [-o OUTPUT] [--no-src] [--only-main-classes] [--ks KS] [--ks-pass KS_PASS] [--ks-alias KS_ALIAS] [--ks-alias-pass KS_ALIAS_PASS] file The script allows to bypass SSL pinning on Android >= 7 via rebuilding the APK file and making the user credential storage trusted. After processing the output APK file is ready for HTTPS traffic inspection. positional arguments: file path to .apk, .aab or .xapk file for rebuilding options: -h, --help show this help message and exit -v, --version show program's version number and exit -i, --install install the rebuilded .apk file(s) via adb --pause pause the script execution before the building the output .apk -p, --preserve preserve the unpacked content of the .apk file(s) -r, --remove remove the source file (.apk, .aab or .xapk) after the rebuilding -o OUTPUT, --output OUTPUT output .apk file name or output directory path (for .xapk source file) --no-src use --no-src option when decompiling via apktool --only-main-classes use --only-main-classes option when decompiling via apktool --ks KS use custom .keystore file for .aab decoding and .apk signing --ks-pass KS_PASS password of the custom keystore --ks-alias KS_ALIAS key (alias) in the custom keystore --ks-alias-pass KS_ALIAS_PASS password for key (alias) in the custom keystore
For rebuilding the APK file use script with argument(s). The examples are below:
patch the AAB file and do not delete the unpacked APK file content
python3 apk-rebuild.py input.aab --preserve
patch the APK file, remove the source APK file after patching and install the patched APK file on the Android-device
python3 apk-rebuild.py input.apk -r -i
The path to the source file must be specified as the first argument.
the network_security_config.xml(and add the
android:networkSecurityConfigproperty to the
applicationelement in the
AndroidManifest.xmlof course): https://developer.android.com/training/articles/security-config#debug-overrides.
For bug reports, feature requests or discussing an idea, open an issue here.
Many thanks to: