Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API calls 404ing #16

Open
samwhite opened this issue May 26, 2024 · 0 comments
Open

API calls 404ing #16

samwhite opened this issue May 26, 2024 · 0 comments

Comments

@samwhite
Copy link

Hi!

First off, huge thank you for the work on keeping this project going - really appreciate it!

Since the past ~2 days, it looks like the API calls, at least the ones relating to login and refreshing the token, are no longer working.

Sample logs and a curl to the specificed URL below:

26 May 24 16:43 UTC FTL Unable to renew session error="Post \"https://api.nanit.com/tokens/refresh\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"

⏺ ~ % curl -vvvv https://api.nanit.com/tokens/refresh
* Host api.nanit.com:443 was resolved.
* IPv6: (none)
* IPv4: 54.83.247.102, 54.237.52.75, 50.17.178.79, 52.202.38.156, 107.21.203.164, 35.169.209.58, 52.202.240.14, 3.208.62.238
*   Trying 54.83.247.102:443...
* Connected to api.nanit.com (54.83.247.102) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.nanit.com
*  start date: Feb  1 00:00:00 2024 GMT
*  expire date: Feb 28 23:59:59 2025 GMT
*  subjectAltName: host "api.nanit.com" matched cert's "*.nanit.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.nanit.com/tokens/refresh
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.nanit.com]
* [HTTP/2] [1] [:path: /tokens/refresh]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /tokens/refresh HTTP/2
> Host: api.nanit.com
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/2 404
< date: Sun, 26 May 2024 16:46:25 GMT
< content-type: application/octet-stream
< content-length: 23
< server: nginx/1.9.12
<
* Connection #0 to host api.nanit.com left intact
{"message":"not-found"}%

Starting an issue here to track this; perhaps the API has moved/changed or there's some additional obfuscation going on? Might need to MITM the requests from the latest mobile app to compare.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@samwhite