I would like tips and ways on how I can simulate data search for an APP (Android) in PHP or Python.
I found this example link , where the Sinesp-Citizen APP is simulated in Python.
How can I debug the APP to identify URLS, Tokens, Passwords, Headers, etc.
This Sinesp-Citizen app is not being simulated, this code is just a facilitator to make requests for the app's true API in python ...
In case you want to do something similar to some other app, you have to study a little about HTTP Requests, XMLHttpRequests and understand the difference of a Rest and Soap API. Within that there are tokens, login and etc, but this is something more specific to the application and each has its way of doing it.
There are several ways to debug requests, or even apk code.
For monitoring requests sent and received through the APK the simplest way to debug is through other APKs that perform this monitoring. You can use for example the Packet Capture, or Shark Native, or derivatives. There is also the possibility to inspect requests through adb logcat.
However, the most efficient way to make sense is to read and understand the APK source code to handle requests. Since it is not a simple POST. You will need to format a SOAP, generate the Token according to how the application asks for this SOAP to be validated. For this, you can download APK from sinesp-citizen through an external website, for example apk pure. And use a tool like dex2jar to perform reverse engineering by generating a .jar and to view the content you can use a tool like JD-GUI, for example, to decompile the jar.
