Skip to content

shahidcodes/Android-Nougat-SSL-Intercept

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

.gitignore

.gitignore

 
 

README.md

README.md

 
 

addSecurityExceptions.js

addSecurityExceptions.js

 
 

apksigner.jar

apksigner.jar

 
 

apktool.jar

apktool.jar

 
 

finalKey.jks

finalKey.jks

 
 

network_security_config.xml

network_security_config.xml

 
 

package.json

package.json

 
 

Repository files navigation

Android Nougat SSL Intercept

In Android 7.0, Google introduced changes to the way user Certificate Authorities (CA) are trusted. These changes prevent third-parties from listening to network requests coming out of the application: More info:

  1. https://developer.android.com/training/articles/security-config.html
  2. http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html

This script injects network security exceptions into the APK that allow third-party software like Charles Proxy/Fiddler to listen to the network requests and responses of some Android applications.

Getting Started

  1. Clone the repository.
  2. In repo directory run npm install

Prerequisites

  1. Node >= 6.9.*
  2. JRE (to run apktool)

Usage

	$ node addSecurityException.js /path/to/apk /path/to/keystore keystorePass

Examples

uses default keystore
	$ node addSecurityException.js myApp.apk 

with your keystore
	$ node addSecurityException.js myApp.apk finalKey.jks android

Alternatives

About

It decompiles target apk and adds security exception to accept all certificates thus making able to work with Burp/Charles and Other Tools

Topics

android ssl certificates apk intercept interceptor burp charles ssl-certificates interception-httphttps-request charles-proxy

Resources

Readme
Activity

Stars

17 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages