OK guys, non pro in cs here – I have a suspicion that an app that is used by a client of mine maybe stealing data / collecting illegally. The main features are via a sass, they also have a desktop app and browsers add-on both with limited features too. I need to fond a way to assess what apis are being called on each platform to see if I can pinpoint where and how the data is being collected. Any ideas? Someone recommended burp suite and wireshark. Are they of use here?