There is one site, I want to get json data from there. Requests to the site are sent through the Android application. It turned out with a sniffer to take all the headers and get-parameters that the application sends to the server. I try to send via curl / postman a request for / mobile.aspx?access_token=token with all headers, but I get Access Denied. I look through the sniffer, the application sends a request and receives data.

Question: can there be a check, if the request was sent not from the application, then output Access Denied? Or maybe some additional headers need to be inserted?

  • you may not have copied all the data. Perhaps some field changes with time. For example, some kind of token is generated depending on the current time. In any case, judging by your question, you are trying to do something that the site owner does not want. - Vladyslav Matviienko
  • Yes, I noticed that the get-parameter "nonce" is changing. That just turned out to take the data, everything was correct. The second time I updated the page - already Access Denied. This is where this "nonce" is generated from - Nichh
  • & nonce = c7941b2d-9746-4ee8-bf30-f7e4c7057b2b Can it be possible to somehow decipher it? This is something to do with time - Nichh
  • A nonce is usually a request-specific encrypted number. Each time a nonce is added 1, and encrypted. Deciphering will not help, since this is 1. It is useless if you use modern algorithms. 2. They spent their money \ efforts to create a service, and obviously do not want anyone else to use it. I myself would not want anyone to engage in this kind of theft of my intellectual property, so I will not help - Vladyslav Matviienko

0