107 lines
2.6 KiB
Markdown
107 lines
2.6 KiB
Markdown
# TextMe Mobile Token Capture Guide
|
|
|
|
Since TextMe's web auth is broken (DNS doesn't resolve), we need to capture tokens from the mobile app.
|
|
|
|
## Prerequisites
|
|
|
|
```bash
|
|
# Install mitmproxy
|
|
brew install mitmproxy
|
|
|
|
# Or with pip
|
|
pip install mitmproxy
|
|
```
|
|
|
|
## Step 1: Start the Proxy
|
|
|
|
```bash
|
|
cd ~/.clawdbot/workspace/textme-integration/scripts
|
|
mitmproxy -s capture-token.py
|
|
```
|
|
|
|
This starts an intercepting proxy on port 8080.
|
|
|
|
## Step 2: Configure Your Phone
|
|
|
|
### Find Your Computer's IP
|
|
```bash
|
|
ipconfig getifaddr en0 # or en1 for ethernet
|
|
```
|
|
|
|
### iOS
|
|
1. Settings → Wi-Fi → tap (i) on your network
|
|
2. Scroll to "Configure Proxy" → Manual
|
|
3. Server: `<your-computer-ip>`
|
|
4. Port: `8080`
|
|
|
|
### Android
|
|
1. Settings → Wi-Fi → long press your network → Modify
|
|
2. Show advanced options
|
|
3. Proxy: Manual
|
|
4. Hostname: `<your-computer-ip>`
|
|
5. Port: `8080`
|
|
|
|
## Step 3: Install mitmproxy Certificate
|
|
|
|
With proxy configured, open Safari/Chrome on your phone:
|
|
|
|
1. Go to `http://mitm.it`
|
|
2. Download the certificate for your OS
|
|
3. **iOS**: Settings → General → VPN & Device Management → Install the cert
|
|
4. **iOS**: Settings → General → About → Certificate Trust Settings → Enable full trust
|
|
5. **Android**: Settings → Security → Install from storage
|
|
|
|
## Step 4: Capture the Token
|
|
|
|
1. Open the TextMe app on your phone
|
|
2. Log in or just use the app (if already logged in)
|
|
3. Watch mitmproxy terminal for "🎉 TOKEN CAPTURED!"
|
|
|
|
The token is saved to `~/.textme/captured-token.json`
|
|
|
|
## Step 5: Use the Token
|
|
|
|
```bash
|
|
# Copy token to credentials file
|
|
cat ~/.textme/captured-token.json
|
|
|
|
# Test with CLI (after updating auth to use saved token)
|
|
textme whoami
|
|
```
|
|
|
|
## Step 6: Disable Proxy
|
|
|
|
**Important!** After capturing, remove the proxy settings from your phone or it won't have internet access.
|
|
|
|
## Troubleshooting
|
|
|
|
### App shows SSL errors
|
|
- Make sure the mitmproxy CA cert is trusted
|
|
- Some apps use certificate pinning - may need to use Frida/objection to bypass
|
|
|
|
### No traffic appears
|
|
- Check firewall allows port 8080
|
|
- Verify phone and computer are on same network
|
|
- Try `mitmweb` for a web UI
|
|
|
|
### Token expires quickly
|
|
- TextMe tokens typically last 24 hours
|
|
- The CLI will need token refresh support (already built in auth.ts)
|
|
|
|
## Alternative: Android Emulator
|
|
|
|
If you don't want to proxy a physical phone:
|
|
|
|
```bash
|
|
# Install Android Studio, create an emulator
|
|
# Root the emulator and install the APK
|
|
# Use adb to set proxy:
|
|
adb shell settings put global http_proxy <your-ip>:8080
|
|
```
|
|
|
|
## Files Created
|
|
|
|
After capture:
|
|
- `~/.textme/captured-token.json` - The JWT token
|
|
- `~/.textme/discovered-endpoints.json` - All API endpoints seen
|