@echo off
REM COMPLETE SOLUTION: Bypass security + Block analytics + Extract token

echo.
echo ====================================================
echo  COMPLETE WORKFLOW: TOKEN EXTRACTION
echo ====================================================
echo.
echo This will:
echo 1. Bypass all security (SSL, root, emulator, license)
echo 2. BLOCK all analytics traffic (noise)
echo 3. Extract the actual user session token
echo 4. Show only real API calls
echo.

cd /d "%~dp0"

REM Kill existing app
adb shell am force-stop com.canadapost.android 2>nul
timeout /t 1 >nul

echo [*] Launching app now...
echo.
echo EXPECTED OUTPUT:
echo ==================
echo [+] Security bypasses active
echo [-] BLOCKED: Adobe Analytics traffic
echo [-] BLOCKED: Firebase telemetry
echo [+] Real API calls showing
echo [+] USER SESSION TOKEN CAPTURED!
echo.
echo ==================
echo.

frida -U -f com.canadapost.android -l frida_enhanced_bypass.js -l block_analytics.js -l extract_user_token.js

echo.
echo ====================================================
echo  COMPLETE!
echo ====================================================
echo.
echo Check above for:
echo   [✓] USER SESSION TOKEN CAPTURED!
echo.
echo Copy the full token and save it for testing.
echo Then run:
echo   python test_apis.py --track 1234567890 --token "your_token_here"
echo.
pause