Removed by mod

You configure your traffic to get routed through a man in the middle proxy. If you get certificate errors you can’t ignore, you need to use something like Frida to remove the certificate checks/pinning.

After that you look at the plaintext requests. Odds are that there is an authorization system you need to figure out. Again jadx/Frida is your friend.

Some relevant links to get you started:

https://github.com/shroudedcode/apk-mitm

https://github.com/emanuele-f/PCAPdroid

https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/

Edit:

also very helpful tool is https://frida.re/

And a little tutorial I’ve found to get you started with the android emulator: https://dev.to/ptisserand/mitmproxy-and-android-emulator-206b

Note, that you can only get root on the images that don’t include google play store.

It’s really not that hard, after you’ve done it once. The first time will include some head scratching and learning about some android gotchas. But after that it will be easy.

It is not too hard and you can definitely do it! It’s like a puzzle - you will get stuck at times, but if you keep going then you’ll get there.

APK files are just zip files, so you can unzip it to see its contents. From there, a java de-compiler get you a version of the source code. It will have random variable names and no comments, so it will take some digging to find and reverse the api layer.

Or, who knows, you could get lucky and find an openapi spec file and auth.txt. Worse apps have been developed.

If the app has a web counterpart, it’s easier to sniff and decode that with your browser’s dev tools.

(I realize this isn’t what you asked, but dev tools tend to be great and you won’t need to jump through as many hoops)

Mitmproxy should get you a long way, probably. That way, you’ll see what API calls the app makes with what parameters, and what the responses look like.

deleted by creator