need some ideas on how to extract subtitle from streaming service

[naim2007]

Hi There,

Can someone here help me on how to extract subtitles from this streaming service.
downloading subs & contents from web or browser is esy pzy
The probleme is most of episodes works only in android app
https://www.gohitv.com

[BeLive]

What's the issue exactly? You need help with getting subtitles from the android app (since on web-browser you don't see all episodes)?

[naim2007]

What's the issue exactly? You need help with getting subtitles from the android app (since on web-browser you don't see all episodes)?

Yes. exactly. any ideas please?

[AbortRetryFail]

A start would be finding out the requests your phone makes when running the application.

Getting https://mitmproxy.org/ running on a computer would be a good first step. I think you can run mitmproxy in Termux on Android but it's a little hard to use it and your target application on the same device. Fiddler on the host should also work in theory if you prefer that.

If your phone is rooted, from what I remember you need two Magisk modules: frida-server (get it from ViRb3's GitHub repo, or just transfer the binary to your phone with ADB and manually start it on each boot) and a module that transfers user installed certificates to the system store. There's a lot of Magisk modules that can do that, I don't know which is the best. Use the module to install mitmproxy's certificate to the system store. I actually like HTTP Toolkit for this but that's not free (no affiliation).

If your phone isn't rooted, you'll need to repack the target application to accept user-installed certificates (a change to AndroidManifest.xml I think?) and to include frida-gadget. There's a lot of scripts on GitHub that can do that for you automatically. I don't know which is the best because I use a rooted phone for this stuff.

Once you've configured your phone to proxy requests through mitmproxy, try this Frida cert unpinning script: https://httptoolkit.tech/blog/frida-certificate-pinning/

You'll know if it works if mitmproxy starts showing the requests made. I think it's possible to script mitmproxy, so in theory you could write a script that saves the response contents of matching requests to your computer if the subtitles are just something simple like a WebVTT/TTML file.

[naim2007]

@AbortRetryFail
Thank u so much sir. you give me what exactly i need.
Much appreciate.

[AbortRetryFail]

@AbortRetryFail
Thank u so much sir. you give me what exactly i need.
Much appreciate.

You're welcome, boss. As I just traced the requests myself for a certain streaming program myself, here's some tips:

• For viewing, mitmweb is a lot more friendlier than mitmproxy
• The Magisk modules for certificates in the Androidacy repos don't work. https://github.com/NVISOsecurity/MagiskTrustUserCerts however does work. Just clone that repo and make a new zip with the files from there, because the zip in the releases is missing a fix. https://github.com/andyacer/movecert sounds like it would also work but I didn't test it.
  • (Also, the Androidacy repo is an ad-laden POS and the merely repackaged modules from there obnoxiously load a page from there while being installed in Magisk to track installs and to make more ad money for the guy, because being subjected to a Captcha and ads beforehand wasn't enough. Avoid.)
• Some streaming programs detect frida-server and crash. Harder-to-detect versions can be found on GitHub. Just replace the binary in the Magisk frida-server module with one of those
• HTTP Toolkit is nicer than mitmproxy but sadly it couldn't handle the requests of the app I tested it on

EDIT: Of course, Frida is technically optional, but it's very likely certificate pinning is used by your target application so in practice it's not really optional. There are Xposed modules as an alternative to disable pinning but then you're fighting with Safetynet.