I have a group chat in Kik Messenger that has reached over 50 members. I need to automate some things like reputation points based on engagement and also kicking inactive members that don't post anything for XXX days. I've looked at the API reference and it seems that the only way bots can be interacted with in groups is using @mentions, which means we can't add them to groups and they can't monitor the group conversations. I've also come across this but it doesn't seem like it could help.
The current Kik bot API gives very limited privileges and does not allow monitoring group messages, so I've been thinking of reverse engineering the server API and creating a normal account that acts as a bot and interacts with this API. I've managed to reroute the traffic through Fiddler, but I'm not sure where to go from there.
So the question is: What's the workflow to follow for reverse engineering an API of an app that's running on an Android emulator?
Thanks in advance
These are general instructions for inspecting network traffic and how to debug interactions with APIs. Use them only for devices/APIs you're allowed to. Be aware of the possible legal implications and seek legal advice beforehand. For example, it might be illegal to reverse engineer something in your country.
Preparations:
If the app/device does not support proxies, start an ad-hoc WiFi network on your computer, connect the device to it and use Wireshark (instructions how to decrypt SSL) to capture the entire traffic.
It seems like you already did this. Now it's time to perform whatever actions you like to inspect/intercept on your phone and watch/record the requests they trigger. This could look like this:
If you think that you found out what you were looking for, try to recreate the session using a tool like curl and check whether the results match your expectations. If not, continue gathering data and try again. Write some automated tests to be able to verify the behaviour in the future.
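Added example, not part of the original answer: one way to go from a recorded session to the curl step, assuming the capture was exported in HAR (HTTP Archive) format. It groups the captured requests by endpoint and renders one of them as a curl command with credentials redacted. The host, paths, token and the helper names (`_entry`, `summarize`, `to_curl`) are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample capture in HAR 1.2 layout; host, paths and token are made up.
def _entry(method, url, status, body=None):
    req = {"method": method, "url": url, "headers": [
        {"name": "Host", "value": "api.example.test"},
        {"name": "Authorization", "value": "Bearer constructed-token"},
        {"name": "Content-Type", "value": "application/json"}]}
    if body is not None:
        req["postData"] = {"mimeType": "application/json", "text": body}
    return {"request": req, "response": {"status": status}}

SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    _entry("GET", "https://api.example.test/v1/items?since=100", 200),
    _entry("POST", "https://api.example.test/v1/items", 201, '{"name": "a"}'),
    _entry("GET", "https://api.example.test/v1/items?since=200", 200),
]}}

SENSITIVE = {"authorization", "cookie", "set-cookie", "x-api-key"}  # keep out of notes and tests
SKIP = {"host", "content-length", "connection", "accept-encoding"}  # curl sets these itself

def summarize(har):
    """Map (method, host, path) -> list of response statuses seen in the capture."""
    seen = {}
    for e in har["log"]["entries"]:
        url = urlsplit(e["request"]["url"])
        key = (e["request"]["method"], url.netloc, url.path)
        seen.setdefault(key, []).append(e["response"]["status"])
    return seen

def to_curl(entry, redact=True):
    """Render one captured request as a shell-safe curl command."""
    req = entry["request"]
    parts = ["curl", "-X", req["method"], req["url"]]
    for h in req["headers"]:
        name = h["name"].lower()
        if name in SKIP:
            continue
        value = "<REDACTED>" if redact and name in SENSITIVE else h["value"]
        parts += ["-H", f'{h["name"]}: {value}']
    body = req.get("postData", {}).get("text")
    if body:
        parts += ["--data-raw", body]
    return " ".join(shlex.quote(p) for p in parts)

if __name__ == "__main__":
    for key, statuses in summarize(SAMPLE_HAR).items():
        print(*key, statuses)
    print(to_curl(SAMPLE_HAR["log"]["entries"][1]))
```

The endpoint summary shows which requests a given action in the app triggered; the redacted curl form is safe to keep in notes, while `redact=False` gives the command to replay against a service you are allowed to test.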