StichtingOpenGeo / opentls

Your data belongs to you, not to TLS.

Mobile app uses newer API #1

Open hermanbanken opened 7 years ago

hermanbanken commented 7 years ago

The reverse-engineered API is no longer used by the iOS app, or not used in the form documented here. The app allows me to go back to before January (measured at this day, end of April), and the API calls only go back within April.

I tried to find out which API the app used (mitmproxy), but it has pinned certificates, I figure, so I was not able to play man-in-the-middle. Maybe someone can decompile the IPA/APKs?

It would be awesome if anyone can reverse engineer the latest API for a longer history, especially since the mobile app allows you to go further back in time than the website, while the app offers no easy way to export the data (the way of the website is not easy either, but exists nonetheless).

hermanbanken commented 7 years ago

Apparently I was doing something wrong with mitmproxy. Someone else found that these are the contents of the o field now:

"o": {
  "totalSize": 113,
  "nextOffset": 0,
  "previousOffset": 0,
  "records": [ ... ],
  "transactionsRestricted": false,
  "nextRequestContext": {
    "startDate": "2014-01-01",
    "endDate": "2016-12-31",
    "offset": 20
  }
},

Furthermore, the requests now contain a startDate and an endDate for denoting which transactions the requester is interested in.