is there a way to monitor what API a mobile app is

Lowyat.NET forums Advertisement

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members Calendar

Welcome Guest ( Log In | Register )

Lowyat.NET -> Codemasters

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

is there a way to monitor what API a mobile app is, calling?

views

TS15cm	May 8 2022, 05:11 PM, updated 2 months ago Show posts by this member only \| IPv6 \| Post #1
Getting Started Junior Member 50 posts Joined: Apr 2022	on desktop we just click F12 and go to the network tab but on mobile apps? I want to spy on what api endpoint they are calling .
Card PM	Report Top Like Quote Reply

silverhawk	May 9 2022, 12:58 AM Show posts by this member only \| Post #2
I'm Positively Lustrous Elite 4,428 posts Joined: Jan 2003	There are apps like these: https://play.google.com/store/apps/details?...tor&hl=en&gl=US
Card PM	Report Top Like Quote Reply

arturo_bandini	May 9 2022, 03:08 PM Show posts by this member only \| Post #3
Getting Started Junior Member 129 posts Joined: Aug 2005	QUOTE(15cm @ May 8 2022, 05:11 PM) on desktop we just click F12 and go to the network tab but on mobile apps? I want to spy on what api endpoint they are calling . burp suite (paid) or zed application proxy (free). however, nowadays there are "protections" that mobile apps can use to prevent others from studying their traffic. for better or for worse, attackers also created countermeasures to these protections: frida, etc. guides / tutorials are plenty on the net. if it's not just for fun, you should probably hire a professional to help you. or get proper (paid) training on using those tools i mentioned.
Card PM	Report Top Like Quote Reply

iammyself	May 9 2022, 08:58 PM Show posts by this member only \| IPv6 \| Post #4
Getting Started Junior Member 211 posts Joined: May 2011	Here's another idea but I don't remember the exact implementation. I used my laptop as a proxy for my Android phone. On the laptop I run Wire Shark to monitor the network activity. This exposes the API endpoints and other nasty stuff. At least that's why I remember it anyway.
Card PM	Report Top Like Quote Reply

TS15cm	May 9 2022, 09:26 PM Show posts by this member only \| IPv6 \| Post #5
Getting Started Junior Member 50 posts Joined: Apr 2022	QUOTE(silverhawk @ May 9 2022, 12:58 AM) There are apps like these: for some reason it isnt working lol it pops a message on first launch saying it doesnt work after android 10 something something. anyway i give up i wanted to scrap a mobile app by knowing what API it uses, since its web version uses server side rendering and put all the data into an image. i'll just use ML to reverse engineer the image back into data.
Card PM	Report Top Like Quote Reply

flashang	May 10 2022, 12:09 PM Show posts by this member only \| Post #6
Getting Started Junior Member 130 posts Joined: Aug 2021	QUOTE(arturo_bandini @ May 9 2022, 03:08 PM) burp suite (paid) or zed application proxy (free). however, nowadays there are "protections" that mobile apps can use to prevent others from studying their traffic. for better or for worse, attackers also created countermeasures to these protections: frida, etc. guides / tutorials are plenty on the net. if it's not just for fun, you should probably hire a professional to help you. or get proper (paid) training on using those tools i mentioned. You may need to read the T&C before doing this. Testing / Finding backdoor of a product without proper invitation / authorized may have legal issue. https://github.com/venomous0x/WhatsAPI
Card PM	Report Top Like Quote Reply

TS15cm	May 10 2022, 06:36 PM Show posts by this member only \| Post #7
Getting Started Junior Member 50 posts Joined: Apr 2022	QUOTE(flashang @ May 10 2022, 12:09 PM) You may need to read the T&C before doing this. Testing / Finding backdoor of a product without proper invitation / authorized may have legal issue. if i understand this correctly, he did what i am trying to do , intercepted the whatsapp api and is trying to create his own whatsapp app with the api ? what a chad
Card PM	Report Top Like Quote Reply

FlierMate	May 10 2022, 08:59 PM Show posts by this member only \| IPv6 \| Post #8
Casual Validating 483 posts Joined: Nov 2020	QUOTE(15cm @ May 10 2022, 06:36 PM) if i understand this correctly, he did what i am trying to do , intercepted the whatsapp api and is trying to create his own whatsapp app with the api ? If I use WhatsApp for Web, press F12 and go to Network tab, how do I know the API being called? Perhaps you can teach me...
Card PM	Report Top Like Quote Reply

TS15cm	May 10 2022, 09:18 PM Show posts by this member only \| Post #9
Getting Started Junior Member 50 posts Joined: Apr 2022	QUOTE(FlierMate @ May 10 2022, 08:59 PM) If I use WhatsApp for Web, press F12 and go to Network tab, how do I know the API being called? Perhaps you can teach me... since this is similar to a chat room , i belive its websocket type
Card PM	Report Top Like Quote Reply

TS15cm	May 10 2022, 09:20 PM Show posts by this member only \| Post #10
Getting Started Junior Member 50 posts Joined: Apr 2022	QUOTE(FlierMate @ May 10 2022, 08:59 PM) If I use WhatsApp for Web, press F12 and go to Network tab, how do I know the API being called? Perhaps you can teach me... found it
Card PM	Report Top Like Quote Reply

xHj09	May 14 2022, 05:25 AM Show posts by this member only \| Post #11
Your Friendly Neighborhood Senior Member 1,207 posts Joined: Apr 2010	fiddler? charles?
Card PM	Report Top Like Quote Reply

« Next Oldest · Codemasters · Next Newest »

Add Reply Options

Change to:

0.0173sec

0.44

5 queries

GZIP Disabled
Time is now: 28th June 2022 - 05:31 PM

All Rights Reserved © 2002- 2022 Vijandren Ramadass (~unite against racism~)

Powered by Invision Power Board © 2022 IPS, Inc.