A simple Python script that patches the security configuration of an Android APK file to trust user root certificates, in order to bypass SSL pinning.
- Python3
- Java
git clone https://github.com/aniruddhmistry/unpinning-ssl.git
cd unpinning-ssl
python unpinning-ssl.py <APK filename>
- Decompile the APK file using APKtool
- Modify AndroidManifest.xml and network_security_config.xml to trust user certificates
- Recompile the APK file using APKtool
- Sign the APK file using uber-apk-signer
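
To check what the modification step leaves behind in a decoded APK, the added example below (not code from this project) parses a `network_security_config.xml` and reports which sections trust user-installed CAs. Both XML samples, the function name and the pin placeholder are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the kind of config the modification step produces.
PATCHED = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""

# Constructed sample: system CAs only, plus a pin-set (placeholder pin value).
HARDENED = """<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <pin-set>
            <pin digest="SHA-256">PLACEHOLDER_BASE64_PIN=</pin>
        </pin-set>
    </domain-config>
</network-security-config>"""

def audit_network_security_config(xml_text):
    """Report which sections trust user-installed CAs and how many pin-sets exist."""
    root = ET.fromstring(xml_text)
    findings = {"user_ca_sections": [], "override_pins_sections": [], "pin_sets": 0}
    for section in root.iter():
        if section.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        for cert in section.findall("./trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings["user_ca_sections"].append(section.tag)
            if cert.get("overridePins") == "true":
                findings["override_pins_sections"].append(section.tag)
        if section.find("./pin-set") is not None:
            findings["pin_sets"] += 1
    # debug-overrides applies only to debuggable builds; other sections hit release builds too.
    findings["release_trusts_user_ca"] = any(
        s != "debug-overrides" for s in findings["user_ca_sections"])
    return findings

if __name__ == "__main__":
    for name, doc in (("patched", PATCHED), ("hardened", HARDENED)):
        print(name, audit_network_security_config(doc))
```

A release build whose `base-config` or `domain-config` lists `src="user"` accepts any CA the device owner has installed, which is the state this check flags.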