> You don't need to create a custom proxy for that.

Wrong, you still need a custom proxy server for this to work. The programs you suggested only help to (temporarily) inspect the Request/Response, as you say, but you would need to manually modify the responses every time they come through the proxy, which could easily translate to hundreds of requests per day while using a single app. Surely no one wants to have to sit there modifying every single HTTP request while using an app like Adobe Photoshop. Instead, what you want is to inspect these requests/responses once using one of those programs you suggested, and then immediately translate your findings into a permanent API endpoint in your custom proxy server, which is constantly running in the background. This way you can use the app as any other user and the app will think that it is communicating with the real (remote) API. Your suggestion to use either Burp Suite, Charles Proxy, or mitmproxy only helps if the app you are trying to crack checks for a valid license once in its entire installation lifetime. Unfortunately, the great majority of apps out there try to validate the license every few days, hours, and even minutes; for example, Sublime Text sends a request to license[.]sublimehq[.]com/check/<license> several times in a day.
The tools I mentioned all support rules for automatically modifying requests/responses. Most of them support custom scripting as well.

> Wrong, you still need a custom proxy server for this to work.

Not sure why the rudeness here. I'm just sharing some useful tools that would be easier to use than writing an entire HTTP proxy from scratch.
You'll certainly have more power writing a custom proxy from scratch, but off-the-shelf HTTP proxying tools are a good start for someone exploring this space.