Apktool VS apk-mitm

Compare Apktool vs apk-mitm and see what are their differences.

Apktool

A tool for reverse engineering Android apk files (by iBotPeaches)

apk-mitm

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection (by niklashigi)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
Apktool apk-mitm
64 7
19,983 3,832
- -
8.6 5.3
7 days ago 3 months ago
Java TypeScript
Apache License 2.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Apktool

Posts with mentions or reviews of Apktool. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-03.

apk-mitm

Posts with mentions or reviews of apk-mitm. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-11.
  • Cant bypass SSL pinning on Fazolis Rewards
    1 project | /r/AndroidQuestions | 28 Mar 2023
    For some reason fazolis rewards app from apkpure or anywhere has custom SSL Pinning (at least i think) I have tried patching fazolis rewards with https://github.com/shroudedcode/apk-mitm. And then using NoxPlayer for an emulator and mitmproxy to intercept https requests and some go through but others are not trusted by the client. What am I doing wrong? is it impossible for some applications?
  • Why is closed source so bad?
    1 project | /r/privacy | 9 Feb 2023
  • Various experiments in decrypting traffic from an Android phone
    1 project | /r/wireshark | 24 Dec 2022
    If you want to capture and decrypt the traffic from one or a few apps without root, you can use apk-mitm to reverse engineering the apps to install a network config file which allows you to use user CA to decrypt the traffic of that app. apk-mitm will do everything for you, you will just have to reinstall the app(it requires first to uninstall from the phone because the app's signature will be different and it will not allow installing the apks from apk-mitm as an update to the original app). Modern apps use split apks, you can use SAI to install an app from split apks.
  • Android Chrome 99 expands Certificate Transparency, breaking all MitM dev tools
    4 projects | news.ycombinator.com | 11 May 2022
    > For example, Chrome Desktop, Firefox, and IE did not enforce HPKP if they encountered a cert from a user-added CA. Why does Android do the opposite?

    Your examples are all browsers. I understood that Chrome on Android will continue to support using a user-added CA added to the user store. Android and desktops behave exactly the same for web browsers.

    Non-browser apps are where the differences exist. On Android you must opt-in each app to trust the user store. I'd imagine that the next step is automating https://github.com/shroudedcode/apk-mitm to bulk replace all installed apps with modified apks.

  • Secret military aircraft possibly exposed on TikTok
    1 project | news.ycombinator.com | 28 Sep 2021
  • How can I extract API calls from APK files?
    1 project | /r/androiddev | 31 Mar 2021
    You can use (apk-mitm)[https://github.com/shroudedcode/apk-mitm]. Simply load the API and wait for the patched version. Then download HTTP canary or use Fidler (whatever you prefer). I prefer using HTTP canary since I can intercept the API without looking through the random other requests on my PC. You also don't need a rooted phone which is a +

What are some alternatives?

When comparing Apktool and apk-mitm you can also consider the following projects:

jadx - Dex to Java decompiler

hackdroid - Security Apps for Android

dex2jar - Tools to work with android .dex and java .class files

XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.

Uber Apk Signer - A cli tool that helps signing and zip aligning single or multiple Android application packages (APKs) with either debug or provided release certificates. It supports v1, v2 and v3 Android signing scheme has an embedded debug keystore and auto verifies after signing.

game-builder-garage-editor - (WIP) Experimental save editor for Nintendo's Game Builder Garage

binwalk - Firmware Analysis Tool [Moved to: https://github.com/ReFirmLabs/binwalk]

mitm-omegle - Watch strangers talk on Omegle (man in the middle attack explained for kids)

androguard - Reverse engineering and pentesting for Android applications

Uber Adb Tools for Android - A tool that enables advanced features through adb installing and uninstalling apps like wildcards and multi device support. Useful if you want to clean your test device from all company apks or install a lot of apks in one go. Written in Java so it should run on your platform.

Ghidra-Cpp-Class-Analyzer - Ghidra C++ Class and Run Time Type Information Analyzer

mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured