yigit/VevoxCrusher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
VevoxCrusher/notes.md
Yigit Colakoglu cc8d8ced19 first commit
2021-10-27 10:55:03 +02:00

2.4 KiB
Raw Blame History

When you enter a session, the request:

GET /api?connection_id=dcbfa537-2417-4110-8891-d958ee621eb9 HTTP/1.1
Host: web1-httpapi.vevox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: https://vevox.app
Sec-WebSocket-Key: JNfGd5OyxH1xd/oXdGrJIg==
Connection: keep-alive, Upgrade
Cookie: AWSALB=3/da+XKMODKQYcglV006mpTqKCTZ/zQsW1UyQA0JtSuzeR6z47LQu7FvzFsXjtfJbRMzuX+o9xJT3M/dhSpQVUD32ZotxH5d7bTttBAYg9loxFcXWRlKimn79Oax; AWSALBCORS=3/da+XKMODKQYcglV006mpTqKCTZ/zQsW1UyQA0JtSuzeR6z47LQu7FvzFsXjtfJbRMzuX+o9xJT3M/dhSpQVUD32ZotxH5d7bTttBAYg9loxFcXWRlKimn79Oax
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

is sent to web1-httpapi.vevox.com. The cookies are sent by the server in the initial request. The connection_id is created on client-side by javascript with the lines:

function l() {
  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (e) {
    var t = 16 * Math.random() | 0;
    return ('x' == e ? t : 3 & t | 8).toString(16)
  })
}

After this, the json data is sent to the server:

{
   "service":"httpapiservice-1_0",
   "message":"SetConnectionInfo",
   "data":{
      "secret":"RIM2JSTSyk4Y/TXTwvh7nIWCrD6L5sraDV6Z7rZ1ZVk=",
      "key":"FWfLAvjJmU9Wbnrm",
      "thirdPartyUserId":"",
      "deviceId":"480e2645-c33c-4459-8b3c-2e9a772c2f73",
      "appVersion":"1.7.0",
      "apiVersion":"1.23",
      "tzid":"Europe/Amsterdam",
      "tzoffset":-120,
      "sw":1022,
      "sh":241,
      "isAttendee":true,
      "gatewayMappings":{
         "97":"wss://staging-httpapi.lumidev.net/api",
         "98":"wss://qarel-httpapi.lumidev.net/api",
         "99":"wss://qamaster-httpapi.lumidev.net/api"
      }
   },
   "timeout":60000,
   "requestId":3
}

{"service":"meetingservice-1_0","message":"DeviceConnectAction","data":{"accessCode":"175848995","appId":"b04cda41-22ea-40a5-a5e4-ce951bd12067","apiVersion":"1.23","connectProperties":{"sortOrder":"normal"}},"timeout":10000,"reQquestId":4}

This data is in javascript of index, secret/key is constant.

``json {"service":"discussionservice-1_3","message":"DeviceDiscussionMessagePostAction","data":{"topicId":236248,"message":"test","anonymous":true,"nameHidden":false},"timeout":10000,"requestId":5}