Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleartext traffic not allowed after patching APK #29

Closed
ftruzzi opened this issue Dec 19, 2020 · 2 comments · Fixed by APKLab/APKLab#55
Closed

Cleartext traffic not allowed after patching APK #29

ftruzzi opened this issue Dec 19, 2020 · 2 comments · Fixed by APKLab/APKLab#55
Labels
bug Something isn't working

Comments

@ftruzzi
Copy link

ftruzzi commented Dec 19, 2020

Hi,

Today I patched an APK which also has unsecured (HTTP) endpoints, and after patching the APK those API calls would be blocked by Android with ERR_CLEARTEXT_NOT_PERMITTED.

The fix was to run the script with --wait and add <base-config cleartextTrafficPermitted="true" /> to network-security-config.xml before rebuilding the APK. Could it be done automatically if the original AndroidManifest.xml enables cleartext traffic through the usesCleartextTraffic attribute?

I'm new to all of this and have no experience with Android development so not sure what else should be considered.

Thanks!
@niklashigi
Copy link
Owner

The fix was to run the script with --wait and add <base-config cleartextTrafficPermitted="true" /> to network-security-config.xml before rebuilding the APK. Could it be done automatically if the original AndroidManifest.xml enables cleartext traffic through the usesCleartextTraffic attribute?

Yeah, that seems like a reasonable fix. Thanks a lot for reporting this, I wasn't even aware of these cleartext-related options!

@niklashigi niklashigi added the bug Something isn't working label Dec 19, 2020
@ftruzzi
Copy link
Author

ftruzzi commented Dec 30, 2020

Thanks!

@amsharma44 amsharma44 mentioned this issue Jan 8, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

apk-mitm: allow cleartext traffic and use unique nsc file name APKLab/APKLab
2 participants
@ftruzzi @niklashigi