What for
I have a pet-project, a finance accounting application.
In my opinion, one of the key problems of such applications is manual input of the balance.
Banks have information about the transactions that I complete and even have good analytics.
But
- There are several banks and they do not know anything about each other. Eventually
- No single analytics
- A transfer of money from one bank to another will be considered as write-off on one side and crediting on the other. This feature spoils analytics.
- The ability to work with data allows you to build any analytics and forecasts, unlike ui bank
You can use different channels to access data: sites and applications. Sites look simpler: take the chrome debugger and go. But the data on the site often change their structure, since in addition to the data, they also contain UI elements. Applications, unlike sites, request data from the server and only in their guts do it UI. On the site you need to handle html, which is built on obscure, mutable div, javascript izmenyamyh th . Applications usually come with machine-friendly json / xml.
Disclaimer. , . , , , , . .
. . . , .
, .
. , , . , .
how
Brief instructions for reverse application
- Downloading charles , apktool , "a thing for signing applications"
- MITM
- apktool
apktool d -f -r app.apk - ,
- / network_security_config.xml
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
- / network_security_config.xml AndroidManifest.xml networkSecurityConfig
<application android:networkSecurityConfig="@xml/network_security_config"></application>
.
- charles
Help > SSL Proxying > Save Charles Root Certificate - charles
cp <your.cer> your_app/res/somePath/somecert.cer - charles .
apktool b yourapp -o ${apkName}java -jar sign.jar ${apkName}- Charles
( wifi Proxy. IP - charles, PORT-8888) - charles .
- .
. :
Update - A valuable addition to the article