Hello,
I was trying my best to login to snapchat using their private API but with failed attempts.
However, Now I've found one iOS application in appstore. That can login to snapchat successfully.
I've Sniffed the traffic using Burpsuite. HTTP requests goes to a private server API. then it send requests to Snapchat API as Shows below:
---------------------------------------------------------------
HTTP POST:
POST /mainop/loginauth HTTP/1.1
Host: sc.*********.com
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Accept: */*
User-Agent: ********/1.8 (iPad; iOS 9.3.1; Scale/2.00)
Accept-Language: en-US;q=1, ar-US;q=0.9
Accept-Encoding: gzip, deflate
Content-Length: 104
password=passtest&sign=89390375953fb95443f5411ebbcea87ce58e002f76dee1e6a3edddb3d401b9cc&username=mzaboss
-------------------------------------------------
HTTP Response:
HTTP/1.1 200 OK
Date: Fri, 13 May 2016 19:13:59 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Content-Type: application/json
Content-Length: 1367
X-Cnection: close
{"result":true,"message":"OK OK","data":{"endpoint":"https:\/\/[login to view URL]\/loq\/login","code":200,"headers":{"Accept":"*\/*","Accept-Language":"en","Accept-Locale":"en_US","User-Agent":"Snapchat\/9.26.0.1 (iPod7,1; iOS 8.4; gzip)","X-Snapchat-Client-Auth-Token":"v5:FC09E8B233F84D3406760FC2:39211320AF436A4ED7D7719F8305EEFEC4149D8BA37E45D42C23A24FE2CE87D3FD067AFACD8348E11EAEB6D07DDE21E3010897988047F7ED11B6EE0D941107E7173FBCAF073F44E2DDC6D7151723671660B911098406CCEF7AED0537978E0C6E654148185C8FAB9FCD1FAE8916061893C94A43E8A8BFA078AEED42FAF6CF7E42EEF503D6292BFB5EA3B12A5A164FC23F4E86","X-Snapchat-Client-Token":"v5:D3F899E30D9A8D08235B48E8:EA9955D26E294EBB9DA04B14963B864FF15CECE6B1FBC5CF9D06590223CCE2C73597F114ED61DB83DEFBCE1BDE7FC4D23E60D5D899EC048E9D23846AA708EF9C8C93FCBF6AAB178D80E185A165D944876DD632918A3E5C334C193227CB04B6A5A992E0","X-Snapchat-UUID":"0794F222-0187-4A70-B451-9A0C21D8DF1B"},"params":{"confirm_reactivation":"false","from_deeplink":"false","height":"1136","nt":"1","password":"passtest","pre_auth_token":"","remember_device":"true","req_token":"930ee855ba0116486ec7b5e4f0a644b4c9ed4d8819a91a8409b43414d4c51acb","screen_height_in":"3.5","screen_height_px":"568","screen_width_in":"1.9","screen_width_px":"320","timestamp":1463166839974,"username":"mzaboss","width":"640"},"settings":{"force_clear_headers":true,"force_clear_params":true}}}
---------------------------------
So what I want is.. I'd like to know how the post requests generate an "Sign="
password=passtest&sign=89390375953fb95443f5411ebbcea87ce58e002f76dee1e6a3edddb3d401b9cc&username=mzaboss
The point is I want to be able to send requests with auto generation Sign.
I believe is something related with this one:
[login to view URL]
Skype: mzaboss
Thank you,
regards.
“He does great work, very quickly. Got something back that was better then I expected and at 1/10th of the time I expected. Will definitely be hiring again!”
blinthicum
----------------------------------------------------------------------------
Hi,
It has more than a month I use my profile in freelancer.com .
Work more than five years with web development , desktop , mobile and games in different languages and platforms .
I have over 3 years of experience in design. 2D design , illustration and 3D production , whether for modeling, animation and rendering.
It would be an honor to work on your project and have the chance to be judged by my service .
I will surely do my best.
Thanks