My company uses an application called TotalHRWorks for time keeping and what not. They have an Android and iOS application; however, there is no Windows Phone application. Since there is an Android and iOS app, I figure that I should be able to create a Windows Phone app; but I don’t know where to start with trying to discover maybe their web service or whatever APIs that I could use to make it. I don’t know whether this can be done or if it’s “legal” to do such things – but it would be really handy to have.
3
If you’re lucky they’ll be communicating with their server over unencrypted HTTP.
If you’re mildly lucky they’ll be using HTTPS without cert pinning.
If you’re really unlucky they’ll be using HTTPS with cert pinning, or something altogether different.
Regular ol’ HTTP is easy to snoop using tools like Fiddler. If HTTPS is involved you can use Fiddler to issue a Root Certificate and get your phone to trust it. That will allow Fiddler to snoop into HTTPS traffic… unless the app uses cert-pinning.
If they’re not using HTTP-based communication you could look into using wireshark (which is a bit lower level) to try and reverse engineer what’s going on.
I got lucky once and managed to reverse engineer a game’s API and write my own cheat client.
It was lot’s of fun! So much fun that the dev team eventually emailed me asking me to stop 🙂
2