by itzael
2219 days ago
I’ve had this come up a few times when doing API snooping, and what I’ve done is decompile the Android version (if available) of their app using jadx [1]. You get pretty legible Java, sometimes with Kotlin artifacts, sometimes with obfuscation, but in combination with some MITM snooping you can see how auth/headers/hashes are done. Sometimes you even find internal API endpoints with a security issue or two.

[1]: https://github.com/skylot/jadx

I've used jadx once before to decompile a steamship line app, but it was just curiosity with no end goal in mind. Didn't try it with the Chipotle app.
Next project!