Kate creates Burp Room, and you will explains the brand new HTTP requests that laptop was delivering with the Bumble host
Won’t knowing the associate IDs of the people inside their Beeline enable it to be someone to spoof swipe-sure requests on the all the people with swiped yes with the all of them, without paying Bumble $step one
In order to work out how the fresh app really works, you need to work out how to post API requests to the newest Bumble host. Their API actually publicly documented because it isn’t really intended to be useful for automation and you can Bumble does not want people as you creating things like what you’re creating. “We’re going to explore a tool entitled Burp Collection,” Kate states. “It’s an HTTP proxy, which means that we can make use of it so you’re able to intercept and you may check always HTTP demands going about Bumble website to the Bumble host. By monitoring these desires and answers we can figure out how so you’re able to replay and you will change all of them. This can allow us to build our very own, designed HTTP needs regarding a program, without the need to look at the Bumble application otherwise web site.”
She swipes sure with the a beneficial rando. “Come across, here is the HTTP request that Bumble directs after you swipe yes on the somebody:
Blog post /mwebapi.phtml?SERVER_ENCOUNTERS_Choose HTTP/step one.step one Server: eu1.bumble Cookie: CENSORED X-Pingback: 81df75f32cf12a5272b798ed01345c1c [[. then headers erased having brevity. ]] Sec-Gpc: 1 Partnership: romantic < "$gpb":>> ], "message_id": 71, "message_type": 80, "version": 1, "is_background": false > “There is an individual ID of the swipee, throughout the individual_id community inside body industry. If we can be find out the user ID away from Jenna’s membership, we can insert it into that it ‘swipe yes’ consult from your Wilson account. (далее…)