I am trying to reverse engineer the network API's for my baby monitor's app (Owlet) on my iPhone so I can access the live video stream from the Owlet cam.
My end goal is to create a plugin for Google Home and view the video stream there rather than having to use the Owlet app.
In order to isolate the network API's, I have used MITMPROXY and Charles Proxy to analyze the HTTP/S activity of my iPhone while using the app.
I downloaded the profiles from both proxies on my phone and trusted them (not simultaneously). I can use the Owlet app and view the cam livestream within the app while using the proxies, so in theory the proxies should be recording the activity.
The problem I am having is this: I cannot find the HTTP request for the video stream. All of the HTTP/S responses are "Content-Type: application/JSON". No chunked, no mpeg, or any other media file types or clues to indicate a request/response is a streamed video. I can see all of the authorization requests/responses and I can see metadata updates about the status of the Owlet hardware sensors, but nothing for the actual video stream.
I am able to replicate the authorization requests within the network. I can access metadata about the user account and the camera. But I cannot find out how to access the video stream from the camera.
Can HTTP/S proxies such as MITMPROXY and Charles essentially skip some network activity coming from the targeted device? Is it possible that the request for the stream URL is some other protocol besides HTTP/S that the proxies just ignore?
I am a novice regarding networking; please forgive any poorly phrased/understood concepts.