{
"$type": "site.standard.document",
"canonicalUrl": "https://justingarrison.com/blog/2022-01-19-reverse-engineering-extension",
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreicrpsppatgtg4oci7cnajo2o37yq5h2o3bk4zyyyou3dgmoncvyfm"
},
"mimeType": "image/png",
"size": 1784470
},
"description": "Finding hidden APIs for fun and flexibility",
"path": "/blog/2022-01-19-reverse-engineering-extension",
"publishedAt": "2022-01-19T00:00:00.000Z",
"site": "at://did:plc:p7uix7mresfq4nfzxp3klgfa/site.standard.publication/3mmdn7mg2qm2d",
"textContent": "I’ve been using Revue for my 123dev newsletter and wanted an easier way to save URLs to include in future emails. If you’re not familiar with it, Revue has a chrome extension so you can send URLs to a queue which shows up next to the editor.\n\n!Revue sidebar showing staged links\n\nIt’s a really handy feature and I wanted to use it without the extension. Ideally, I could send these URL from my phone via a Siri Shortcut (I haven’t figured this part out yet).\n\nThe functionality wasn’t exposed in their API docs so I’d have to figure out another way. I learned some new things exploring the extension so I thought I’d share how I did it.\n\nReverse engineering the extension\n\nThe first thing I needed was to figure out what URLs the extension was calling. I tried watching Chrome dev tools for network calls, watching DNS requests, and tcpdump.\n\nWithout having a man in the middle to decode https it wasn’t going to work. Thankfully, someone pointed out the code is available if you have the extension installed.\n\nFirst, we need to get the extension ID from the installation URL.\n\n!img\n\nThe long string in the URL fdnhneinocoonabhfbmelgkcmilaokcg will be in our home folder with the source code.\n\nOn my computer it’s under $HOME/.config/google-chrome/Default/Extensions/fdnhneinocoonabhfbmelgkcmilaokcg. I opened the folder in vscode and looked at the main..chunk.js file.\n\nIt was minified so first I had to unminify it as best as possible. Formatting the javascript was as good as I could get it.\n\nFrom there I looked for POST url verbs to see what it was calling. I found this relevant code which looked like what I needed. It’s calling https://www.getrevue.co/extension/add.\n\n!img\n\nYou’ll see from the code the only thing it’s sending is a POST with a body. At this point I don’t know what the body should be, but I’ll try to figure that out later.\n\nGetting session cookie\n\nNow I need to jump over to Chrome to get my session cookie. Open getrevue.co in a tab and open dev tools.\n\nGo to the Application tab and then find Cookie in the left sidebar. Copy the value for _revue_session.\n\n!img\n\nSend a curl request\n\nNow we need to send our request and see if it works.\n\nWe still don’t know what the body data should look like, but looking at the API objects that are documented I’m going to guess it needs a title and url.\n\nSure enough that worked!\n\nHere’s a snippet of the response\n\n!img\n\nThe response gives us a much better idea of the full body data we can use. Adding a description will be a minimal amount of information that would be useful.\n\nNow we can send items from the CLI but what about from iOS?\n\n[WIP] Siri Shortcut\n\nSiri shortcuts are very powerful but also very cryptic.\n\nI was able to make a shortcut with the “Get contents of URL” function which is able to make a POST call.\n\n!img\n\nI can put in the URL, change the method to POST, and add a body with the required title and url variables.\n\nUnfortunately, when I try to use this shortcut from the share sheet I don’t think it uses my session token so I never get authenticated to the API.\n\nIf anyone knows a way to either open a Safari page and perform the action or a way to store an authentication token in the shortcut please reach out on twitter and let me know.\n\nlast modified* January 20, 2022",
"title": "Reverse engineering a chrome extension"
}