N
N
numitus22016-05-25 17:02:15
reverse engineering
numitus2, 2016-05-25 17:02:15

How can a server detect a bot?

I am engaged in reverse engineering of one mobile client. I wrote mitm proxy in python. The problem is that the server detects that it is not the original client that is connecting. Although, as far as I checked, the server does not request a client certificate. What other detection options can there be?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Alexey, 2016-05-25
@alsopub

The client can send data from a certificate (received from mitm) that the server does not match with its own. Or the client can receive some data from the server, encrypt it with the server's certificate data, and send it back. It would be nice to see the exchange (if it is at least somehow readable) until it is determined that the client is not native.

R
Rou1997, 2016-05-25
@Rou1997

Are there few of them, maybe they forgot the title, or a query parameter.

C
CityCat4, 2016-05-25
@CityCat4

Whatever. The client can transmit some kind of "magic sequence" - the key by which "friend or foe" is determined. If the exchange is encrypted - useless. If there is a decrypted original exchange, sit down and sort through the packets what is being transmitted and why.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question