Allowing specific certificates --certificate broken - manual workaround

[tamtam22]

Allowing specific certificates

You can accomplish this by running apk-mitm with the --certificate flag set to the path of the certificate (.pem or .der file) used by your proxy.

Reproduction Steps

Command

apk-mitm --certificate cacert.der com.yourappnameinhere.apk

Fail Result

  Using temporary directory:
[REDACTED]
.......
.......
I: Using Apktool 2.6.1
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether sources has changed...
I: Checking whether resources has changed...
I: Building resources...
W: <tmp_dir>/decode/res/xml/nsc_mitm.xml:11: error: Error: No resource found that matches the given name (at 'src' with value '@raw/cacert.der').
W: 
brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [......, -0, arsc, -I, <tmp_dir>/framework/1.apk, -S, <tmp_dir>/decode/res, -M, <tmp_dir>/decode/AndroidManifest.xml]

Manual Workaround

Command

apk-mitm --certificate cacert.der --wait com.yourappnameinhere.apk

Manual Intervention

While it is waiting for your input...

1. Go to the temporary directory shown in the output
2. Modify <tmp_dir>/decode/res/xml/nsc_mitm.xml
3. Change @raw/cacert.der to @raw/cacert and save
4. Press any key to continue