
How To Build A Poor Man's Mono/okra Banking API - Programming - Nairaland


How To Build A Poor Man's Mono/okra Banking API by pystar: 11:36pm On Feb 04, 2021
How to Build a Poor Man's Mono/Okra Banking API

Reverse engineer your mobile banking app and make a script that automates checking balances.

I built this out of the curiosity (which won’t kill this cat) I had to see if I could create a Python-based script that automates checking account balances using bank APIs that aren't publicly available, à la what Plaid, Mono, and Okra do, but for free.

Reverse engineering the mobile banking app for my bank was not so hard. The process, however, proved to be very useful and you can easily adapt what I showcase here to your own ideas.

REQUIREMENTS

Burpsuite

Python 3.8

Python Requests

Download and install Burpsuite, Python, and requests in a virtual environment.

Now let’s get hacking

1.) First, you'll need to know the IP address of your proxy server. On Linux/Mac type "ifconfig" in a terminal to display it. It will probably be something like "192.168.X.X" or "10.X.X.X".

2.) Configure your mobile device to use the IP address gotten in step (1) as the proxy hostname and use port “8080” as the proxy port.

3.) We will use Burp to create a local proxy server that we'll connect our phone to and then use it to read all traffic MITM-style. We will then check the logs in the intercept tab of Burpsuite to find out the called API endpoints and reverse engineer them using Python.

4.) Start Burpsuite with default settings, go to the Proxy tab, click on the sub-tab "options" and edit the "Proxy Listener" to listen on all interfaces. This will ensure that Burpsuite will listen to all traffic to and from your mobile device.

5.) Visit http://burp/cert with your mobile device. A certificate will be downloaded automatically, which you will need to install. You will also need to rename the certificate file extension to “.cert” in order to install it.

6.) Keep the ‘Proxy’ -> ‘Intercept’ sub-tab of the Burpsuite application open; you will need to keep clicking on the “forward” button as requests go in and out of your mobile device. This is where you will discover the API endpoints being requested by your banking app.

7.) In the images below we discovered the following:

(i) For authentication the mobile app sends a POST request to this endpoint: “https://zmobile.zenithbank.com/zenith/api/customer/authenticate” with a payload.


Read more: https://pystar.substack.com/p/how-to-build-a-poor-mans-monookra
