I tried to get video from an embedded iFrame, but JS is de-obfuscated, may there is an actual src link hidden in JS, I tried my best and couldn’t de-obfuscate, if I click Play I can find the source, but I am fetching it with Curl, but cannot find the video link.. can someone guide me through right direction, so I can dig more – thanks
Basically there is an iFrame page, that loads external video link, which is hidden, if I open with curl with the same site referrer it doesn’t show anything. I need to reach the final link.
Advertisement
Answer
There is a call on https://secure.xyz.com/response.php with the same query parameters as those you get from the redirected url. Also it needs x-requested-with
http headers set :
JavaScript
x
curl 'https://secure.xyz.com/response.php?sid=XXXXX=&product=XXXXX'
-H "x-requested-with: XMLHttpRequest"
An example in python :
JavaScript
import requests
url = "https://cutt.ly/xxxxx"
r = requests.get(url)
queryParams = r.url.split("?")[1]
r = requests.get(f"https://secure.xyz.com/response.php?{queryParams}",
headers = {
"x-requested-with": "XMLHttpRequest"
})
print(r.json())