0
I would like tips and paths on how to simulate the search for data from an APP (Android) in PHP or Python.
I found interesting this example https://github.com/victor-torres/sinesp-client, where the Sinesp-Citizen APP is simulated in Python.
How can I debug the APP to identify URLS, Tokens, Passwords, Headers, etc...
1
This Sinesp-Citizen app is not being simulated, this code is just a facilitator to make requests for the actual python app API...
If you want to do something similar to some other app, you have to study a little bit about HTTP Requests, Xmlhttprequests and understand the difference between a Rest and Soap API. Within this there are tokens, login and etc, but this is something more specific to the application and each has its own way of doing this.
0
There are several ways to debug requests, or even apk code.
For monitoring requests sent and received through APK the simplest way to debug is through other Apks that perform this monitoring. You can use for example Packet Capture, or Shark Native, or derivatives. There is also the possibility to inspect requests via adb logcat.
However, the most efficient way, and for this case it makes the most sense, you need to read and understand the APK source code to handle the requests. Since it is not a simple POST. You will need to in addition to formatting a SOAP, generate the Token according to how the application asks for this SOAP to be validated. For this, you can download the APK of sinesp-citizen through an external website, for example, apk Pure. E Use a tool like dex2jar to perform reverse engineering generating a . jar and to view the content you can use a tool like JD-GUI, for example, to decompile the jar.
Browser other questions tagged php android curl
You are not signed in. Login or sign up in order to post.
So that I can locate the tokens, logins and etc of the APP, how can I debug to get this information, there is some specific tool for this?
– Mayron Ceccon
There are Apis that open and do not require authentication, which is the case with this app. It only arrow the api address and the device it is using: https://github.com/victor-torres/sinesp-client/blob/master/src/sinesp_client/body.xml
– Tiago Fabre
If you answered your question, mark it as solved... VLW
– Tiago Fabre
My question is how can I get the address of the API and other data. It seems that the developer of the APP does not make it freely available.
– Mayron Ceccon
It depends on the API in the case of this project it accesses a government api and each api has its documentation defining which addresses will return certain information... As I said you need to take a look at how API’s and Webservices works
– Tiago Fabre
And solved your doubt ?
– Tiago Fabre