## My computer, my data, my code - liberating your data from user-hostile apps. This 2 hour workshop will guide you through analysing a real application, and re-implementing it just enough in code to get your own data out. Date: Saturday, 24th February 2024 Venue: smallcase, 51, Convent Road, Richmond Town, Bangalore Time: 11 am. RSVP are closed but reach out if you're interested: https://fossunited.org/meetup/rsvp/2024/02 ## Learning Outcomes: 1. A basic idea of what goes into re-implementing real-world applications as FOSS. What tools are required, what do actual flows look like. 2. Experience with ZAP/mitmproxy, the open-source proxy for such usecase. 3. A better understanding of HTTP, sessions, authentication. 4. Writing some basic web request code, generating CSV files. ## Pre-requisites 1. Basic understanding of at least one programming language. Ideally one of Python/Ruby/Bash/Javascript, but others will also do. 1. A mobile device - either iOS or Android will do. Recommended, but not necessary. 1. A laptop with a working \*nix setup and WiFi. WSL/MacOS/Linux should be fine. 2. A working setup of your favorite programming language. ## Workshop Flow 1. **Agenda, Fundamentals Workshop Walkthrough** - Tooling introduction, and explanation of fundamentals (HTTP Requests, Proxies, Reverse Engineering, FOSS) 2. **Traffic Capture & Analysis** - Walk everyone through signing up and using the application while attached to a proxy. Basics of ZAP (First 15 minutes), then letting users play around for the next 30 as we guide them towards web flows. 3. **Code Generation** - Simple code generation using tools such as https://curlconverter.com/. Understand what the code does. 4. **Data Export** - Final code changes to generate your data export, suggestions for improvements etc. ## Non-Goals Due to this being a short 2 hour workshop, we cannot go in depth, and this is meant as a beginner-friendly workshop to dip your toes in the field. A few call-outs for what will _not be covered_: 1. Learning Reverse Engineering - We cannot deep-dive into learning Android/iOS RE skills, and will limit ourselves to just traffic analysis. 2. Teaching Basics of Programming - We assume you know how to code in atleast one programming language, and are sufficiently profecient to know how to make web requests in your language of choice. ## Workshop Trainers Nemo is creator of endoflife.date. Previously, he was a founding engineer at Razorpay, where he reversed applications for fun and fintech. Vivek is an ex-engineer at Razorpay, he hacks things for fun and profit. Both of us have conducted workshops together in the past.