A useful technique for sure. The only technique I know to slow this down is to u... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ianlevesque on Dec 21, 2014 \| parent \| context \| favorite \| on: Reverse-engineering the Kayak app with mitmproxy A useful technique for sure. The only technique I know to slow this down is to use certificate pinning, but it's probably pointless. Some of your users are probably extremely motivated (like ours [1]) and it's obvious to them that what they are doing is unsupported. 1. http://difm.eu/dox/

nnd on Dec 21, 2014 [–]

Certificate pinning would help to prevent sniffing traffic with tools like mitmproxy, but once you decompile the binary, you can disable certificate validation.

I'm curious, in your case did you consider preventing using your API by third-party clients?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact