https://github.com/approov/currency-converter-demo

This demo is to support the article https://blog.approov.io/steal-that-api-key-with-a-man-in-the-middle-attack
https://github.com/approov/currency-converter-demo

api api-key apis approov approov-demo

Last synced: 3 days ago
JSON representation

This demo is to support the article https://blog.approov.io/steal-that-api-key-with-a-man-in-the-middle-attack

• Host: GitHub
• URL: https://github.com/approov/currency-converter-demo
• Owner: approov
• Created: 2019-03-28T13:34:24.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2024-02-07T11:33:56.000Z (9 months ago)
• Last Synced: 2024-04-14T17:01:21.967Z (7 months ago)
• Topics: api, api-key, apis, approov, approov-demo
• Language: Java
• Homepage: https://approov.io
• Size: 273 KB
• Stars: 11
• Watchers: 7
• Forks: 7
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# CURRENCY CONVERTER DEMO

This repository is part of the articles:

* [Steal that API key with a Man in the Middle Attack](https://blog.approov.io/steal-that-api-key-with-a-man-in-the-middle-attack).

* [Securing HTTPS with Certificate Pinning on Android](https://blog.approov.io/securing-https-with-certificate-pinning-on-android).

* [Bypassing Certificate Pinning](https://blog.approov.io/bypassing-certificate-pinning).

* [How to Protect Against Certificate Pinning Bypassing](https://blog.approov.io/how-to-protect-against-certificate-pinning-bypassing).

## HOW TO USE

For your convenience we host ourselves the backend for this demo. Please read the articles to find the specific url for each article backend and to better understand the purpose and the scope where you will be using the Currency Converter Demo.

If you prefer to have control of the backend please follow the [deployment](/docs/DEPLOYMENT.md) guide to deploy the backend to an online server. It's necessary to deploy to an online server only for the article where we show you how to protect against certificate pinning bypass, other articles are fine with using localhost for demo purposes, and you can use the `./stack` bash script to help you with running it locally.

### The Stack

In order to make easy to follow the demo, a bash script is included:

```bash

  ./stack

CURRENCY CONVERTER DEMO STACK

  A stack that uses Docker containers for running the Currency Converter Demo.

USAGE:

  ./stack [options] [command] [arguments]

OPTIONS:

  -d, --detached          Run the docker container detached from the terminal:

                            $ ./stack -d  

                            $ ./stack --detached  

  -h, --help              Shows the help for the Elixir CLI and Stack:

                            $ ./stack -h

                            $ ./stack --help

  -it                     Runs the docker container attached to the terminal:

                            $ ./stack -it  

COMMANDS / ARGUMENTS:

  down                    Stops and removes all running containers:

                            $ ./stack down

                            $ ./stack down proxy

  install                 Pulls the official Docker image for mitmproxy:

                            $ ./stack install

  mitmweb [options]       Runs a mitmweb command:

                            $ ./stack mitmweb --listen-host  --web-iface 

  up           Starts the docker containers for running the stack:

                            $ ./stack up proxy 

```

Mainly the bash script is a wrapper around Docker commands.

### The Mobile App Demo

Please see the [README](./mobile-app/android/README.md) for the instructions.