Sniffing Android API


API

An Application Programming Interface (API) is code that allows two different pieces of software to interact with each other. We will try to sniff a Web API here. Web APIs are mainly of two types: SOAP and REST.
SOAP API contains only headers while REST API contains headers as well as a body.
Headers and body are used to send data to a server across the internet.


SNIFFING

If your APIs are insecure, an attacker can sniff them and modify the requests to cause damage to your server. Fiddler is one piece of software that allows us to sniff APIs.

1) Download Fiddler from https://www.telerik.com/download/fiddler on Kali or Windows.

2) Install Fiddler and run it as Admin.

3) You will see a screen like this


4) Go to Tools -> Options -> Connections and check "Allow remote computers to connect".


5) On moving the cursor to the top right corner of the screen, you can see the local IP address of the PC.

6) Open your Android phone, enter this IP in the Wi-Fi proxy settings and set the port to 8888.



7) Now open localhost:8888 in the Android browser and download the Fiddler certificate.


8) Install the certificate on your phone (you can name it anything you want).

9) Now the Android app's API requests will be captured by Fiddler.

10) You can use Postman to spoof a request.

11) It can be downloaded from https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en

12) On opening it, you will see a screen like this.


13) Click on Request and name it anything that you like.

14) Now select the request type you want to spoof (GET/POST etc.). You can see it in Fiddler.

15) Add the headers and body and modify them according to your needs.

16) Click on Send and you will receive the response.
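The point of the walkthrough above is that a request captured by the proxy can be edited and resent with Postman. As an added example that is not part of the original post, the following Python shows the server-side check that makes such a replay fail: the app signs method, path, timestamp and body with an HMAC, and the server rejects any request whose body was edited or whose timestamp is stale. The shared secret, header names and API path are assumptions made for the demo.

```python
import hashlib
import hmac
import json
import time

# Assumption for the demo: a per-install secret shared between app and server,
# provisioned out of band (e.g. at login). Constructed value, not from the post.
SHARED_SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300  # window after which a captured request is treated as a replay


def canonical(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    """Bind method, path, time and body hash into one string so none can change alone."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign_request(method, path, body, secret=SHARED_SECRET, now=None):
    """Client side: the two headers the app adds to every request (hypothetical names)."""
    ts = int(now if now is not None else time.time())
    sig = hmac.new(secret, canonical(method, path, ts, body), hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(ts), "X-Signature": sig}


def verify_request(method, path, headers, body, secret=SHARED_SECRET, now=None):
    """Server side: returns (ok, reason). compare_digest avoids a timing side channel."""
    try:
        ts = int(headers["X-Timestamp"])
        presented = headers["X-Signature"]
    except (KeyError, ValueError):
        return False, "missing or malformed signature headers"
    current = int(now if now is not None else time.time())
    if abs(current - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window (possible replay)"
    expected = hmac.new(secret, canonical(method, path, ts, body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch (request modified in transit)"
    return True, "ok"


def demo():
    """Constructed traffic: one genuine request, one edited body, one late replay."""
    path = "/api/v1/transfer"  # hypothetical endpoint
    body = json.dumps({"account": "demo", "amount": 10}).encode()
    edited = json.dumps({"account": "demo", "amount": 9999}).encode()
    headers = sign_request("POST", path, body, now=1_700_000_000)
    return {
        "untouched": verify_request("POST", path, headers, body, now=1_700_000_005)[0],
        "body_edited": verify_request("POST", path, headers, edited, now=1_700_000_005)[0],
        "replayed_later": verify_request("POST", path, headers, body, now=1_700_003_600)[0],
    }


if __name__ == "__main__":
    print(demo())
```

A secret embedded in an APK can be recovered by someone with the device, so this check stops casual tampering rather than a determined attacker; pinning the server certificate in the app is the complementary control against a proxy with a user-installed CA.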
Always remember to use Kali for helpful purposes and not use it to cause harm.
Stay Safe.
