@echo off
REM Extract the actual user token being used by the app

echo.
echo ====================================================
echo  EXTRACT USER SESSION TOKEN
echo ====================================================
echo.
echo This will capture the actual Bearer token that the
echo app uses for API calls
echo.

cd /d "%~dp0"

REM Kill existing app
adb shell am force-stop com.canadapost.android 2>nul
timeout /t 1 >nul

echo [*] Launching app and monitoring for tokens...
echo [*] You should see: [✓] TOKEN FOUND FOR TESTING
echo [*] Copy the full token that appears
echo.

frida -U -f com.canadapost.android -l frida_simple_bypass.js -l extract_user_token.js

echo.
echo [*] App session ended
echo [*] Check above for: [✓] USER SESSION TOKEN CAPTURED!
echo.
pause