Description:

ansinject 0.2.0

ANS INJECT

Image by Darwin Laganzon from Pixabay
Android Network Security Config Injector

This tool is simply an easier way to use some collection of other tools which can inject a network security config into an Android APK. Mainly it's sole pupose is making it easier to use the tools in the requirements list below with one line of command.
This is useful when you want to test an app that uses HTTPS but you don't have a valid certificate. This tool will allow you to bypass the certificate check.
Disclaimer
This tool is provided as is. I am not responsible for any damage caused by this tool. Use it at your own risk.
Requirements

adb (Part of the Android SDK)
zipalign (Part of the Android SDK)
jarsigner (Part of the JDK)
keytool (Part of the JDK)
apktool (Need to be installed manually)

Installation
pip install ansinject

Usage
ansinject --help

ansinject inject [input_apk] [output_apk] --temp-dir [temp_dir]

Basicly the script will do the following:

Extract the APK
Copy the following network security config onto /res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>


Rebuild the APK
Generate a keystore in order to sign the APK
Sign the APK
Align the output

License
This project is licensed under the MIT License - see the LICENSE file for details
Acknowledgements

stackoverflow - Capturing mobile phone traffic on wireshark
gist - unoexperto - How to patch Android app to sniff its HTTPS traffic with self-signed certificate
exandroid - Capture all android network traffic

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter