Unconventional Solutions

Our industry is about solving problems. Generally we look for elegance and maintainabilty, but sometimes, you just need a quick hack to get something done.

Any of you who have ever done work in Workamajig know that it has one of the least user friendly interface and an even bigger problem for those looking to integrate: No API access. Now as it happens, Workamajig is a Flex application. Flex, in most cases, communicates over AMF. The fun thing about that is its a well specified and well written-for protocol. So we have that.

The second problem to solve is that Workamajig is behind SSL, which means trying to sniff the content coming in over the wire via a WireShark or CharlesProxy is encrypted and thus useless. However, Charles gives us the ability to add a root cert for running it as a man-in-the-middle proxy to read the decrypted content on the client level. And boom, we can read the AMF data in the raw. Tell CharlesProxy to save the view response, write a quick script using a simple AMF deserializer libray and data galore.

With some of that knowledge, it would be almost trivial to write a custom API around the Workamajig system. Almost, because there is zero documentation and you'd have to capture all the requests for data you care about and harvest the actual parameters Workamajig is using to get your data and… well, you get the picture.

All this is to say, always think differently about the problems you're trying to solve. Usually, if you think outside the box, there are ways of getting around lack of accessability to the data you really care about.