Ola bill Generator

The way I chopped Ola, India's largest start-up company.

Couple of months ago, I was watching my telephone conversations from a proxieserver. As I did, I saw Ola API invocations going from my cell phones (as I was bookin' a taxi). To those who know nothing about Ola, Ola Cabs is the largest taxi operator in India and also the largest rival of Uber (again in India).

When I saw the blinking binaries from my system, I left my week-end projekt and began optimizing and redeveloping Ola's API', which finally led to her financial transactions system being destroyed. Worked on a small side job where I was supervising my telephone work. To this end, I utilizedMITM proxies, a very lightweight, console-based proxieserver.

When I booked my taxi, I saw Ola calling my own api. I' ve been very interested in the structure of the API-Call. Those invocations were plain HTTP queries with no authentication mechanisms or other encoding to protect the application programming interfaces (APIs). It is easy to reproduce these invocations from a desktop computer or just with Chrome.

Enquiry to get taxis for a certain degree of longitude and latitude. At the top is a protocol of the inquiry to bring taxis for a certain degree of latitude as well as degree of longe. That' exactly what went from my cell phones to their Servers with a few deviceid and install-id paidloads. It indicates the lack of server-side validations for call APIs.

What you get in reply below is a JSON of taxis near your present position. I was very lucky after successfully following and picking up the taxis, because (no insult to ola) her apple is shit. Your application works so seamlessly and taxi bookings are child's play. I' ve built a one-tap application where once I've defined my settings, a threaded one can run in the back and make a one-tap cabin reservation.

On the one hand, it made my job a lot simpler and at the same time fulfilled the requirement to fully automate the accounting procedure. Stage Three: Another call of the Ola Application Programming Interface (API) to the Ola servers to confirm the transactions and finish the work. Upon completion of the deal, I began to connect the points to help me better comprehend their system. Put plainly, all of Ola's transactional APIs employed a basic HTTP protocols and transmitted information in pure text.

Once I had observed, tracked and connected all my calls to the application programming interface (API), my consoles were set to dropping the blast. When I prayed on my lip I took my first bullet, i.e. creating an order ID. I' ve once again targeted and below is what a clean query looks like, with the answer from their servers.

I now have a transaction-ready order ID that I can use to confirm it. Within a few seconds I got a text on my mobile which confirmed the loading process and I was like YESSSSSS..............it's done!!!!!!!! Please notice that I did not even create a new order, it was the same order ID.

Perhaps that's why client service always shits. Here is another screenshots of my mobile device showing the success of the transaction. Nearly a year and a half later, I'm still awaiting an answer or confirmation (and I thought naive that it was just Ola's service that was bad).

Ola's taxis are still very erratic. Almost 20 phone and email messages later I got a message from her technical department saying that my headphones were in her Gurgaon desk and I can only pick them up from there (which is almost 40-60 km away). I' m sick and tired of them not supporting me anymore.

Missing enforcement of safety protocol like HTTPS or Tokens-Validierung. When carrying out monetary operations, a verification of tokens should be provided. As a minimum, suitable server-side verifications should be available.