I pointed Claude at mitmproxy and it reverse-engineered my gym app's API

I track my workouts in Liftoff, a gym tracking app. The app is great for logging sets and reps, but I wanted Claude to help me analyze my training — suggest programming changes, spot plateaus, flag imbalances. The problem: there's no export button. My data was locked inside the app. So I asked Claude to figure it out. Claude runs mitmproxy I told Claude I wanted to intercept my Liftoff app's traffic. It walked me through every step — installing mitmproxy, configuring my iPhone's proxy settings, installing the CA certificate for HTTPS decryption. All I did was follow instructions and tap through screens on my phone. Then Claude ran mitmdump, told me to open Liftoff and scroll through my workouts, and read the captured traffic itself. Claude reverse-engineers the API From the mitmdump output, Claude figured out that Liftoff uses tRPC — a TypeScript RPC framework that batches requests into a specific envelope format. The API lives at a versioned subdomain (v2-12-2.api.getgymbros.com) and