Question 1

How do I use apk-mitm with Charles proxy?

Accepted Answer

Patch your APK with apk-mitm, install it on your device, then set Charles as the proxy in your Android network settings. Ensure Charles' root certificate is installed on the device or use apk-mitm's --certificate flag to inject it directly.

Question 2

apk-mitm vs mitmproxy's android-unpinner, which should I use?

Accepted Answer

apk-mitm is better for non-rooted devices as it pre-patches the APK, while android-unpinner uses Frida for runtime patching on rooted devices. Choose apk-mitm for simplicity, android-unpinner for more powerful, dynamic analysis.

Question 3

Does apk-mitm work on Android 12 or newer?

Accepted Answer

Yes, apk-mitm targets Network Security Configuration from Android 7 onward, so it generally works on newer versions. However, app-specific implementations or new security features might occasionally require updates or manual tweaks.

Question 4

What to do if apk-mitm crashes during decoding?

Accepted Answer

This is typically an Apktool issue. Check Apktool's GitHub for known bugs and workarounds, or try a different Apktool version using the --apktool option to specify a JAR file path.

Question 5

How to patch a Flutter app with apk-mitm?

Accepted Answer

apk-mitm often fails with Flutter apps due to native certificate pinning. You'll need alternative tools like Frida-based scripts (e.g., frida-interception-and-unpinning) that can hook into runtime code on rooted devices.

Question 6

Can I use apk-mitm without installing Node.js globally?

Accepted Answer

Yes, you can run it via npx without global installation (e.g., npx apk-mitm <apk>), but Java must still be installed. This avoids polluting your system but requires an internet connection for the first run.

apk-mitm

What is apk-mitm?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions