Chrome/Firefox extension for pen-testing to retrieve encryption keys of Widevine protected content !DON'T DECRYPT CONTENT UNLESS YOU HAVE THE RIGHT TO DO IT!
GNU Affero General Public License v3.0
268
stars
58
forks
source link
Automatically select correct request based on content of it even when License URL is used for multiple purposes #25
the url selection for polsatboxgo isnt working correctly, its choosing the wrong request.
https://b2c-www.redefine.pl/rpc/drm is used for basic json requests to "checkProductAccess" and also for license requests.
eg. "checkProductAccess" request
HTTP POST https://b2c-www.redefine.pl/rpc/drm/
request payload:
{"id":1,"jsonrpc":"2.0","method":"checkProductAccess","params":{<removed>}}
response:
{
"id": 1,
"jsonrpc": "2.0",
"result": {
"status": 0,
"statusDescription": "has access",
"statusUserMessage": "Dostęp do materiału jest bezpłatny"
}
}
you can manually workaround the issue by manually selecting the last request to "https://b2c-www.redefine.pl/rpc/drm/", but it would be good to be able to automatically choose the right request, either by request/response data, headers or even just the most recent request.
the url selection for polsatboxgo isnt working correctly, its choosing the wrong request. https://b2c-www.redefine.pl/rpc/drm is used for basic json requests to "checkProductAccess" and also for license requests.
eg. "checkProductAccess" request
license request (removing all the extra fields)
you can manually workaround the issue by manually selecting the last request to "https://b2c-www.redefine.pl/rpc/drm/", but it would be good to be able to automatically choose the right request, either by request/response data, headers or even just the most recent request.