Or just use this handy node package. I used it to auto like 22,000 people in LA, and went on dates for 9 days in a row. Let's just say I'm a bit exhausted.
I've been looking into packet tracing some mobile games that operate entirely online. I'm sure the mobile space is packed to the brim with unrestricted APIs... Thanks for the motivation/tips.
I don't think it's an "unrestricted" API if it uses https and you have to intercept and extract an auth token from a valid session. But I get what you mean -- it is fun to look under the covers and see how the big companies do things.
Yeah, I agree. MITM attacking your own auth token is not a great example of an "unrestricted" API. I'm thinking more POST requests to games where you can edit resources, change high score, etc. The kind of stuff you used to see all the time on web games, before popularity increased to the point where the developers had to take care of it.
I'd just imagine developers are a lot less wary about security holes because they assume that their client is "just" a smartphone and not a rooted packet sniffer.
You can combine with an Android emulator (to spoof GPS location), and a fake facebook to be literally anybody, anywhere, and see who likes you. While it's certainly not the intended use of the app, A/B testing your appearance to different regions is not out of the question.
By pinning the cert, the inspection of the protocol wouldn't have been possible the first place, since the app would reject fiddler's SSL cert. The tinder APK would only contain the information needed to verify the cert, not generate a valid one. If this wasn't the case, SSL would be useless.
Then you crack the app and bypass the auth check. App continues to talk to server, you continue to document the api. Or hook a debugger into the app and watch what network calls it makes. The only real solution would be to do sanity checks on the server.
https://www.npmjs.org/package/tinderbot
Edit: My tinder bot: https://github.com/deftx/loltinder