In Android 7.0, Google introduced changes to the way user Certificate Authorities (CA) are trusted. These changes prevent third-parties from listening to network requests coming out of the application: More info:
- https://developer.android.com/training/articles/security-config.html
- http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html
This script injects network security exceptions into the APK that allow third-party software like Charles Proxy/Fiddler to listen to the network requests and responses of some Android applications.
- Clone the repository.
- In repo directory run
npm install
- Node >= 6.9.*
- JRE (to run apktool)
$ node addSecurityException.js /path/to/apk /path/to/keystore keystorePass
uses default keystore
$ node addSecurityException.js myApp.apk
with your keystore
$ node addSecurityException.js myApp.apk finalKey.jks android