Reverse Engineering Innertube
Here is a list of everything you need to start reverse engineering innertube
- Ublock origin
- A Web browser
- an Android Phone or Android Studio (optional, but sometimes needed)
- HTTP Toolkit (again, optional, but you will need it if you are intercepting the app's HTTP calls)
- Protobuf decoder
- Url Decoder
API platforms
Suppose you want to find the endpoint & the relevant JSON body to retrieve video information.
Step 1. Start a new Chrome instance with HTTP toolkit
Step 2. Install Ublock Origin This will help remove the trackers & other unnecessary HTTP calls that will make it harder to find the actual relevant HTTP call
Step 3. Navigate to youtube
Step 4. Delete all collected traffic by clicking on the trash can icon
Step 5. Navigate to a video
Step 6. Identify the relevant HTTP request (in this case, it was the /player endpoint. The HTTP request almost always comes from https://www.youtube.com/youtubei and is almost always a POST request)
Step 7. Copy the request body into your API testing platform and try to tinker with the request body until you find the behaviour of every field
Congratulations, you have reverse-engineered the YouTube API
