VideoHelp Forum

+ Reply to Thread
Results 1 to 6 of 6
Thread
  1. psaframe
    Join Date
    Mar 2021
    Location
    Algeria
    Search PM
    Hi There,

    Can someone here help me on how to extract subtitles from this streaming service.
    downloading subs & contents from web or browser is esy pzy
    The probleme is most of episodes works only in android app
    https://www.gohitv.com
    Quote Quote  
  2. What's the issue exactly? You need help with getting subtitles from the android app (since on web-browser you don't see all episodes)?
    Quote Quote  
  3. psaframe
    Join Date
    Mar 2021
    Location
    Algeria
    Search PM
    Originally Posted by BeLive View Post
    What's the issue exactly? You need help with getting subtitles from the android app (since on web-browser you don't see all episodes)?
    Yes. exactly. any ideas please?
    Quote Quote  
  4. A start would be finding out the requests your phone makes when running the application.

    Getting https://mitmproxy.org/ running on a computer would be a good first step. I think you can run mitmproxy in Termux on Android but it's a little hard to use it and your target application on the same device. Fiddler on the host should also work in theory if you prefer that.

    If your phone is rooted, from what I remember you need two Magisk modules: frida-server (get it from ViRb3's GitHub repo, or just transfer the binary to your phone with ADB and manually start it on each boot) and a module that transfers user installed certificates to the system store. There's a lot of Magisk modules that can do that, I don't know which is the best. Use the module to install mitmproxy's certificate to the system store. I actually like HTTP Toolkit for this but that's not free (no affiliation).

    If your phone isn't rooted, you'll need to repack the target application to accept user-installed certificates (a change to AndroidManifest.xml I think?) and to include frida-gadget. There's a lot of scripts on GitHub that can do that for you automatically. I don't know which is the best because I use a rooted phone for this stuff.

    Once you've configured your phone to proxy requests through mitmproxy, try this Frida cert unpinning script: https://httptoolkit.tech/blog/frida-certificate-pinning/

    You'll know if it works if mitmproxy starts showing the requests made. I think it's possible to script mitmproxy, so in theory you could write a script that saves the response contents of matching requests to your computer if the subtitles are just something simple like a WebVTT/TTML file.
    Quote Quote  
  5. psaframe
    Join Date
    Mar 2021
    Location
    Algeria
    Search PM
    @AbortRetryFail
    Thank u so much sir. you give me what exactly i need.
    Much appreciate.
    Quote Quote  
  6. Originally Posted by naim2007 View Post
    @AbortRetryFail
    Thank u so much sir. you give me what exactly i need.
    Much appreciate.
    You're welcome, boss. As I just traced the requests myself for a certain streaming program myself, here's some tips:
    • For viewing, mitmweb is a lot more friendlier than mitmproxy
    • The Magisk modules for certificates in the Androidacy repos don't work. https://github.com/NVISOsecurity/MagiskTrustUserCerts however does work. Just clone that repo and make a new zip with the files from there, because the zip in the releases is missing a fix. https://github.com/andyacer/movecert sounds like it would also work but I didn't test it.
      • (Also, the Androidacy repo is an ad-laden POS and the merely repackaged modules from there obnoxiously load a page from there while being installed in Magisk to track installs and to make more ad money for the guy, because being subjected to a Captcha and ads beforehand wasn't enough. Avoid.)
    • Some streaming programs detect frida-server and crash. Harder-to-detect versions can be found on GitHub. Just replace the binary in the Magisk frida-server module with one of those
    • HTTP Toolkit is nicer than mitmproxy but sadly it couldn't handle the requests of the app I tested it on

    EDIT: Of course, Frida is technically optional, but it's very likely certificate pinning is used by your target application so in practice it's not really optional. There are Xposed modules as an alternative to disable pinning but then you're fighting with Safetynet.
    Last edited by AbortRetryFail; 19th Aug 2022 at 13:18.
    Quote Quote  



Similar Threads