We are building an Android App and we are worried about the REST API being scraped.
Would it be possible to detect the REST endpoints used by the app if somebody manages to install the app on a computer and uses software like Wireshark to sniff the connection?
The connection is HTTPS.
If possible, what is the way of preventing people from using these REST APIs on their own?
We are building an Android App ... if somebody manages to install the app in a computer
I.e., you're worried about either 1) a computer running Android or whatever Google's "Android+Chrome merge" thing is or 2) a computer running some software under which Android apps can run?
and uses a software like Wireshark to sniff the connection? ... The connection is HTTPS
Sniffing an SSL/TLS connection gives you a bunch of encrypted data unless you give Wireshark enough data to decrypt it, and it's a situation where it can decrypt it.
However, a debugging proxy such as Fiddler or Charles might be able to catch the traffic and decrypt it in situations where Wireshark couldn't.
I am facing a problem getting API call data using Charles for one particular application. I have already done the proxy settings on my Android and iPhone. I am able to see logs from all other apps running on my mobile except one particular app.
Could there be any limitation imposed by the Android app?
This is not a limitation caused by the Android app, but more likely one caused by Charles.
Charles is a proxy, but only a proxy for HTTP(S). There are many apps that communicate with the server using a non-HTTP protocol (a raw socket, for example). In such a condition, Charles is not able to intercept the requests and responses.
I have a react-native project where, when I'm using Psiphon VPN, my POST requests to the API return NetworkError. I don't have any idea how to fix it.
In my case, using a VPN like Psiphon did not affect POST requests. Your problem may relate to your server policy (for example, I know an SMS panel that blocks requests from VPNs in Iran!). If it's your own server, try changing your policies or call the server support center.
Is it possible to view the network traffic (HTTP requests, raw HTTP etc.) similar to Chrome dev tools (network tab) generated by an application (Node.js if it makes any difference) via VS Code?
This functionality is already present, but it doesn't show the requests and responses of the application running.
The developer tools are connected to the running instance of Code and not the application you are executing. Currently it is not possible to view network traffic for the application you are launching from Code.
You can try to start from the mbehr1.vsc-webshark plugin and use Wireshark tools for catching your app's network I/O.
It would be great to have a more detailed post about configuring the launch of a Rust app (server) in debug mode, Wireshark with VSCode integrated UI, and maybe an internal browser in a single launch.json action, but I can't point to anything close to it.
I’m interested in finding out exactly what network requests are made by certain 3rd party Chrome apps. I can open the Dev Tools from chrome://inspect/#apps, or from the context menu (enabled under chrome://flags/#debug-packed-apps), or by means of the Chrome Apps & Extensions Developer Tool. Whatever I do, the Network tab stays blank except an occasional image/png, while I’m sure lots of HTTP requests (or HTTPS to be exact) actually take place.
How can I monitor all network requests that an app makes? It seems easy for extensions, but not for standalone apps. Or is MITMing myself with a proxy with a self-signed certificate that Chrome is configured to trust the only option?
Super basic question - I am building an iPhone app but will need to set up my computer as a server so my app can send data to my computer. What are the first steps that I need to take?
Thanks!
If you are writing an iPhone app you are probably on a MacBook, so you can easily enable Apache: in System Preferences, click Sharing and enable Web Sharing. It will then show you your computer's IP address, which you can hit from a web browser.
That will set you up with a web server on your machine. Since your emulator and web server will be on the same Wi-Fi network, and even if you deploy to the device you can have it on your Wi-Fi network, you should be able to post data to your Mac's web server.
If you are passing data to it you'll need to read about 'web services', probably REST web services. I would then suggest reading about PHP and/or Ruby or Python as your programming language to interpret what you are posting to the web service.
Hope that helps you on your way.
If you are not on a Mac you can't develop an iPhone app anyways ;) so the above strategy should work for you.
3G will only work for you if your server is available outside of the network. There is tons of info online on how to set that up, but essentially what you would do is configure your router to forward incoming traffic from (for example) port 8080 to the IP address of your server. Assuming you are on a router.
As a side note, if down the line you use Ruby you could check out http://www.heroku.com/how if you want to host your server there.