Root Path

Vasyl's Little Web Log

Hacking non-public API

Recently i have started to search a house or flat for a rent. In my city real estate agents took monthly cost for their service.
It's not a big deal if it can be called SERVICE, but that's not our topic. So there are the brokers and there are the owners. Owners, usually, post vacant place on the classifieds website, and here we are near our main topic.

The classifieds website have no public API, but have mobile app. So let's hack it!

On Android there's no problem to install package sniffer even on non-rooted device. But unfortunately i have only ios device, but there's a solution.
To sniff packages you should connect your device via USB cable, then, using iTunes copy device's UDID. Then, in terminal run rvictl -s <udid> command. It would create new virtual network interface rvi0. To ensure you have it - you can run ifconfig -l command in terminal.

To start sniffing packages run sudo tcpdump -i rvi0 -w ./output.pcap command. This would save all packages into output.pcap file, which can be opened using, for example, Wireshark. After you finish your work you can disable rvi0 using this command: rvictl -x <udid>