This is WIP documentation for the API powering the popular price tracker Geizhals/Skinflint.
For information on how to create the bearer token, which is required for almost every request, see bearer_token.md.
Feel free to create issues and/or pull requests.
Since the web version of Geizhals only provides static text, it was necessary to reverse-engineer the smartphone app.
Because the app uses SSL pinning, mitmproxy alone isn't enough to monitor the network traffic. If you want to help me document the rest of the endpoints or potential future changes in the API, I recommend the following tools (Android):
- mitmproxy to monitor the network requests
- iBotPeaches/Apktool to unpack the apk
- frida for SSL-unpinning code injection
- frida-interception-and-unpinning. This is one of the very few unpinning scripts that actually worked. HTTP Toolkit also works if your phone is rooted and you don't have a problem with light-mode GUIs (not recommended).
- Follow this guide to patch the Geizhals APK.
- Hint: extractedFolder/smali/at/geizhals/android/MainActivity.smali
- I also recommend skipping step 7 and instead using patrickfav/uber-apk-signer to sign the APK.
- Then just follow the instructions for frida-interception-and-unpinning.
See Redocly/openapi-starter for more information about redocly.