Thursday 3rd November, 2016
1:30pm to 3:00pm
mitmproxy (https://mitmproxy.org/) is a popular tool for observing HTTP(S) traffic between client applications and their API services by acting as a "man in the middle". The resulting service calls and their payloads can then be extracted and used in other applications and scripts. It also enables savvy users to hold apps accountable for how they transmit a user's private data. Popular apps such as Snapchat have had their APIs reverse engineered in this way, enabling user behavior that is unexpected (and sometimes undesirable) for app publishers. Another example is the small but growing open source community focused on studying the Robinhood stock brokerage app and its undocumented API that, as of this writing, remains open – enabling developers to experiment with $0 commission stock trading scripts.
This presentation will show how to set up mitmproxy on a workstation, connect a second device, and log otherwise secure HTTPS traffic – capturing the underlying API calls to understand the functioning of undocumented 3rd-party APIs. We will also explore what this means for API publishers, app developers, and users concerned about their digital security.