Open coolaj86 opened 3 years ago
I started working on this. I found about this project yesterday, and I was going to do this anyway. I am waiting for Gospel Library to finish updating, then I can share my log from mitmproxy. I have already found some interesting stuff.
I have a mitmproxy flow from my Gospel Library. https://cloudflare-ipfs.com/ipfs/QmNcUJjUhDLAjvmQXSv9CDTVXco5175mUDw1JoZMh95Gnb
The terrible thing about the church website is that it doesn't even use its own API most of the time.
And the JSON that's embedded in the HTML is in the most obtuse format (probably to mirror the HTML), often missing IDs and such.
If we use an MITM proxy we can watch an iPhone communicate with the API. If we get lucky, maybe we can even learn about a simpler, more secure, token-based system rather than relying on cookies for authentication.
https://medium.com/testvagrant/intercept-ios-android-network-calls-using-mitmproxy-4d3c94831f62