0

I tried to scrape a mobile app happyfresh (indonesia based) here's a link to the app that has been mitm'ed https://drive.google.com/file/d/1EB0JfZiI1ADQkDj-Y2OgKAzIDVcYQHgk/view?usp=sharing

I can't get the first instance of url that's being fired to get the client token. I tried using the log in token on the device, but it expires after a while

Here's currently my code:

!pip install httpx[http2]
import httpx
client = httpx.AsyncClient(http2=True)
header={
'content-type': 'application/json',
'locale': 'EN',
'x-spree-client-token': '0115f406e71219ec9ea58e2eaaa4480ef966bdc42e245ec4bf601b23f07bd48e',
'x-device-id': '6923335fdd6fc988',
'x-advertising-id': '2e0acc03-2645-46bd-b464-0d3d8350b874',
'country': 'ID',
'x-country-code': 'ID',
'x-happy-client-type': 'android',
'x-happy-client-version': '3.81.2',
'x-happy-client-build': '2398',
'x-place-token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJlbWFpbCI6ImV4YW1wbGVAdXNlci5jb20iLCJ1c2VyX25hbWUiOiJleGFtcGxlIiwiY2xpZW50X2lkIjoxLCJpYXQiOjE2NjkxMzYzOTMsImV4cCI6MTY2OTEzNjY5M30.RKz_T08SS9HpkHaHNcXc4Hb31zgk6DKm1daCpIB7TDQ',
'x-happy-cash-shield-session-id': '4be315c3e3044ad18811815dc1fc3c22',
'accept-encoding': 'gzip',
'user-agent': 'okhttp/4.9.1'
}
response = await client.get("https://api.happyfresh.com/api/widgets/home?lat=-6.1608563&lon=106.7927658 HTTP/2.0",headers=header)

The response is automatically {'error': 'Missing Client Token'} because the token expires.

Can someone show me how do you find the url for the client token? I tried looking for it in the flow of mitm however do not find so.

It would be so great if someone could help me.

Hal
  • 193
  • 1
  • 9
  • Have you considered that the token is already invalidated (e.g. by time-out or by replacing the token with an new version? You should better call the login API yourself to get a new token. – Robert Nov 24 '22 at 16:24
  • I am trying to use guest mode, and the flow doesn't show the first token it generates. I am afraid I am missing something – Hal Nov 24 '22 at 16:26

0 Answers0