I'm pentesting an Android application written in Cordova, and while inspecting the network traffic I found an interesting endpoint that I would like to test.
However, this endpoint needs a tokenID (e.g. eyJ[...].eyJ[...]) and I don't know why, even after doing SSL unpinning (with more than one Frida script), I'm unable to intercept the request that is used to generate the token.
After some static analysis, I realized that the token is being requested by com.android.gms (Google Mobile Service).
I managed to find the gcm_defaultSenderId, google_api_key and google_app_id. However, since the apk is obfuscated, I didn't manage to discover how to craft the request.
Do any of you know if there is a way to craft GMS tokens using a script?