0

I'm writing an Android app and I want to capture the receipt data from some shopping websites/apps.

Here's the functionality I am trying to achieve -

  1. User visits GenericShoppingWebsite
  2. User does their shopping and goes through the payment process
  3. GenericShoppingWebsiteconfirms the payment and displays a receipt that shows the amount spent and the date of the transaction, etc...
  4. I want to capture this receipt data for processing.

On a regular desktop/chrome laptop this data can be captured using Chrome Extensions and running Javascript against the page that scrapes the data from the receipt. It could also be done using raw packet capturing and analysis (although this is alot more difficult and inefficient).

But Chrome Extensions do not currently work on mobile devices. And I don't think raw packet capture is possible on mobile devices. And then some of the shopping will be done through apps as opposed to websites. I also need to capture the receipt data from these apps. But I have no experience with app development so I have no idea what this entails.

So I am looking to capture receipt data when a user makes a purchase through on a mobile through a website, and if possible capture the purchases made through dedicated apps. Is what I am looking to do actually impossible or does anyone know a way of achieving this?

Has QUIT--Anony-Mousse
  • 76,138
  • 12
  • 138
  • 194
sonicboom
  • 4,928
  • 10
  • 42
  • 60

3 Answers3

1

You could capture request and respond via software like Fiddler (http://www.fiddler2.com/). It acts like a proxy server, so all you have to do is updating proxy/network settings in mobile device.

neo
  • 1,248
  • 1
  • 13
  • 26
  • Fortunately, apps cannot change proxy server settings without user intervention, and not all apps will necessarily use the centralized proxy server settings. – CommonsWare Dec 28 '12 at 17:48
  • This is for writing an app that will work on android devices. I think fiddler only works with android by setting up fiddler on a pc and connecting the mobile device to the pc. – sonicboom Dec 28 '12 at 17:53
  • 1
    that's true for proxy's settings. The app itself could make request to debugging proxy server, and the proxy send request to API server and send back the response. – neo Dec 28 '12 at 17:54
  • 1
    fiddler works for any mobile device with proxy/network setting. you do not need to connect the mobile device to PC. Instead, it works as long as both of them are in the Internet/LAN – neo Dec 28 '12 at 17:57
  • I'm not sure what you are saying. Are you saying I should send all traffic from the mobile device over the internet to a proxy server that I setup somewhere that is running fiddler? If so, is it possible to write an app that does this as it would not be feasible to have a regular user altering their proxy/network settings? – sonicboom Dec 28 '12 at 21:43
0

BurpSuite is one of the best options for Mobile Application Testing. Give it a shot, it's actually turned out to be more powerful than Fiddler.

user2940151
  • 1
0

you can setup Android virtual device on your computer. and install app which you want to monitor and analyze in that device using adb.

start using that app on virtual device and now you can start capture packets using wireshark. when you are done with using app. stop wireshark for capturing further.

now apply filter and analyze packets carefully. you will see all the details of urls, requests, response, cookies etc and lot more.

I have listed steps in answer to this question Sniffing an Android app to find API URL

Community
  • 1
  • 1
Alok
  • 7,734
  • 8
  • 55
  • 100