# ⚡ QUICK START - TRAFFIC CAPTURE IN 5 MINUTES

## The Simplest Way

### One Command That Does Everything:
```
.\FULL_CAPTURE_AND_ANALYZE.bat
```

This automatically:
1. ✅ Starts mitmproxy to capture traffic
2. ✅ Launches the app with all security bypasses
3. ✅ Extracts credentials from captured traffic
4. ✅ Shows you results in the terminal

---

## What To Do When The App Launches

**In the app:**
1. Wait for login screen (~2 seconds)
2. Try logging in (use test account credentials if available)
3. Go to "Track a Package" section
4. Enter any package number (example: 1234567890)
5. Watch the tracking details load
6. **Go back to terminal - it will show captured credentials!**

---

## What You'll See In The Output

### Authorization Tokens Found
```
[1] mobile-integration-api
    Authorization: Bearer eyJhbGc...XyQ
    
[2] firebase-app-check-endpoint
    Authorization: Bearer ...
```

### API Endpoints Discovered
```
[Canada Post API Endpoints]
GET https://mobileintegration.1eqh5zpddmks.us-east.codeengine.appdomain.cloud/api/v1/track/...
    Status: 200

POST https://q26ff9ws86.execute-api.ca-central-1.amazonaws.com/prod/v1/subscriptions
    Status: 400
```

### Firebase Traffic
```
[Firebase Traffic]
POST https://firebaseappcheck.googleapis.com/v1/projects/canada-post-2dce9/apps/...
    Status: 200
```

---

## After Getting A Bearer Token

### 1. See What's Inside The Token
```
python decode_jwt.py "eyJhbGc...your_full_token_here...XyQ"
```

**Shows you:**
- User ID
- Email address  
- When token expires
- All data encoded in the token
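
A JWT's claims are base64url-encoded, not encrypted, so anyone holding the token can read the fields listed above. The sketch below is an added example, not the toolkit's `decode_jwt.py`; the function names, the `sub`/`email`/`exp` claim names and the sample token (constructed, with invented claims and a placeholder signature) are assumptions.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url with padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return header and claims WITHOUT verifying the signature."""
    if token.lower().startswith("bearer "):
        token = token[7:]
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError(f"malformed JWT segment: {exc}") from exc
    return {"header": header, "claims": claims}


def summarize(token, now=None):
    """Report the fields listed above; claim names are assumed."""
    now = time.time() if now is None else now
    decoded = decode_jwt_unverified(token)
    claims = decoded["claims"]
    exp = claims.get("exp")
    return {
        "alg": decoded["header"].get("alg"),
        "sub": claims.get("sub"),
        "email": claims.get("email"),
        "expires_at": exp,
        "expired": exp is not None and now >= exp,
    }


def make_sample_token():
    # Constructed sample: invented claims, placeholder signature.
    segs = [{"alg": "RS256", "typ": "JWT"},
            {"sub": "12345", "email": "tester@example.com", "exp": 1700000000}]
    enc = [base64.urlsafe_b64encode(json.dumps(s).encode()).rstrip(b"=").decode() for s in segs]
    return ".".join(enc + ["c2lnbmF0dXJl"])


if __name__ == "__main__":
    print(json.dumps(summarize(make_sample_token()), indent=2))
```

Because the signature is never checked, the output shows what a token claims, not that the token is genuine.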

### 2. Test The Tracking API
```
python test_apis.py --track 1234567890 --token "eyJhbGc...your_token...XyQ"
```

**Results:**
- Saved to `api_test_results.json`
- Shows API response
- Tells you if endpoint works

### 3. View All Captured Traffic Visually
```
mitmproxy -r canadapost_traffic.mitm
```

**Then:**
- Press `q` to see all requests
- Select one with arrow keys
- Press ENTER to see details
- Press `e` to view request/response bodies

---

## 📁 Files Created For You

| File | Purpose |
|------|---------|
| `FULL_CAPTURE_AND_ANALYZE.bat` | ⭐ **START HERE** - One-click everything |
| `extract_creds.py` | Parse mitmproxy traffic for credentials |
| `decode_jwt.py` | Decode JWT tokens to see what's inside |
| `test_apis.py` | Test APIs with extracted credentials |
| `extract_live_credentials.js` | Real-time credential capture with Frida |
| `frida_simple_bypass.js` | Security bypass (SSL, root, emulator, license) |
| `CREDENTIAL_EXTRACTION_TOOLKIT.md` | Full documentation |

---

## 🎯 Success Checklist

- [ ] Run `.\FULL_CAPTURE_AND_ANALYZE.bat`
- [ ] App launches and shows login screen
- [ ] You perform actions in the app (login, track)
- [ ] Terminal shows "Bearer token found" or similar
- [ ] You get a token like `eyJhbGc...` 
- [ ] You can decode it with `decode_jwt.py`
- [ ] You can test APIs with `test_apis.py`

---

## 🔴 If Something Goes Wrong

### Issue: "mitmproxy not running"
**Fix:** Make sure mitmproxy is installed:
```
pip install mitmproxy
```

### Issue: "No tokens found"
**Fix:** Make sure you did these in the app:
- Wait for login screen
- Try to login or track a package
- Wait 10 seconds for requests to complete

### Issue: "Frida error"
**Fix:** Make sure frida-server is running on the emulator:
```
adb shell "ps | grep frida"
```

If it is not running, see `GENYMOTION_SETUP.md` for Frida installation.

---

## 📊 What You're Collecting

| Item | Value | Risk |
|------|-------|------|
| User Session Token | `Bearer eyJ...` | 🔴 HIGH - Access to user data |
| Firebase Token | Long string | 🟡 MEDIUM - Can access Firebase |
| AWS Credentials | Keys + Secret | 🔴 HIGH - Access to AWS resources |
| User ID | Numeric ID | 🟡 MEDIUM - Can enumerate users |
| API Endpoints | URLs | 🟢 LOW - Already visible |

---

## 🚀 Ready?

```
.\FULL_CAPTURE_AND_ANALYZE.bat
```

Press ENTER and wait for the app to launch. That's it!

