Download K F C Menu Data from App

There's a deal going on over at OzBargain where the member downloaded the KFC AU menu data via mitm (main in the middle?) and combed through the information to find hidden deals. 21 chicken for $21 for example.

Knowing nothing about this technology and how to replicate the process, is it possible to do the same for the NZ version of the app?

We can't get the secret menu like they do, but there may be something else in there…

Just food for thought.

Comments

  • +1

    While I'm procrastinating 4 assignments I thought I may as well look into it, I'm no expert with APIs but here's a full dump (beware its very long, messy and repetitive):

    https://raw.githubusercontent.com/tiltedirl/kfry/main/fulldu…

    Here's the 'promo items' which may or may not be available as of now, I'm not sure as I don't order from the app:
    https://raw.githubusercontent.com/tiltedirl/kfry/main/promoi…

    The full dump was pulled from:
    https://api.kfc.co.nz/menu/kfc-nz-delivery-pod2

    I can also see a request being made to:
    https://api.kfc.co.nz/baskets/61ef7038-234f-47d5-b4e2-c86a96…

    which seems to be a more specific query for one item to add to cart (its a POST with headers rather than a GET).

    There's also a bunch of store keys:
    https://api.kfc.co.nz/configurations

    Maybe someone can do something of use with this information.

    • +1

      Aweome, thank you. I'll comb through the data and see what I discover when I have a free minute. Similar to you, thesis chapter and x2 reports.

      • +1

        Always a good time putting off work.

        FYI if you want to play around with the site and APIs:
        1. Inspect the site and it'll open the dev window (F12)
        2. Hit 'Network' at the top of the dev window
        3. Filter by clicking 'XHR'
        4. Go to a menu item or anything really and you should see something like 'Name: xyz Type: xhr' etc
        5. Click one of them and you'll see a request URL (API link), Method (GET = request data, POST = send data)
        6. Clicking 'Preview' or 'Response' will give you data from the request
        7. Gz you just passed one assignment from my degree

        Extra for experts: Get Postman and put the api url in there and you can input headers, filters and auth tokens if you can figure them out. But of course that requires a bit more trial and error/effort.

        • Out of curiosity, is this data you grabbed straight from the website? That full dump info seems to line up well with the KFC browser menu after I played around in dev tools. If so, how do I go about repeating the process for the app?

          Just going off the OzBargain deal, seems that items listed in the dump here are missing 'Menu Item IDs'. Could be just the way KFC NZ does it or something else. Because if we were to find hidden items, I think we would need those IDs to create links (somehow) that takes us to the item so we can order it.

          Obviously I have no idea what I'm talking about. Just slowly trying to understand what old mate (OzBargain) wrote in his/her 'nerdy write-up'.

          • +1

            @Wakrak: Yeah it's same data as from the api in the browser window. You shouldn't need to do it for the mobile app because api calls no matter what platform will produce the same data, I also made sure of this using a MITM and its pretty same same.

            The 'baskets' call up there just looks to be a session ID of some sort to hold the data so that's of no use really because it'd be variable user to user.

            KFC nz seems to be doing things in a more simple fashion as they have plaintext ids and generic api queries. AFAIK they also dont use google ads here for direct to app purchases like au does. So really I think we aren't going to get too far until their system is more complex or until they post a straight to app promotion. The missing link is really just a url we can piggyback off to determine the right path to follow.

Login or Join to leave a comment