Understanding RPC and Its Use in Web Reverse Engineering with Sekiro
This article explains the concept of Remote Procedure Call (RPC), demonstrates how to apply RPC for web reverse engineering by injecting JavaScript through WebSocket communication, and introduces the Sekiro framework and related tools for automating encryption parameter retrieval in browser environments.
Remote Procedure Call (RPC) is a technique that enables a program to cause a procedure to execute in another address space, making remote calls appear as local ones. It solves two main problems in distributed systems: inter‑service invocation and transparent remote execution.
In reverse engineering, RPC can be used to treat the local environment and the browser as server and client, communicating via WebSocket. By exposing the browser's encryption functions (e.g., utility.getH5fingerprint()) through RPC, one can obtain encrypted parameters without manually reproducing the JavaScript logic.
The following Python WebSocket server reads strings from the console, sends them to the browser, and prints the encrypted result:
```python
# ==================================
# --*-- coding: utf-8 --*--
# @Time : 2022-02-14
# @Author : 微信公众号:K哥爬虫
# @FileName: ws_server.py
# @Software: PyCharm
# ==================================
import sys
import asyncio
import websockets


async def receive_message(websocket):
    # Note: websockets < 10 passes a second `path` argument to the handler.
    # input() blocks the event loop; acceptable here because only one
    # browser client is ever connected.
    while True:
        send_text = input("请输入要加密的字符串: ")  # "Enter the string to encrypt: "
        if send_text == "exit":
            print("Exit, goodbye!")
            await websocket.send(send_text)  # tell the browser client to close
            await websocket.close()
            sys.exit()
        else:
            await websocket.send(send_text)
            response_text = await websocket.recv()  # encrypted value from the browser
            print("\n加密结果:", response_text)  # "Encrypted result:"


start_server = websockets.serve(receive_message, '127.0.0.1', 5678)  # custom port
asyncio.get_event_loop().run_until_complete(start_server)
asyncio.get_event_loop().run_forever()
```

The corresponding browser client sends the received string to the encryption function and returns the result:
```javascript
/* ==================================
# @Time : 2022-02-14
# @Author : 微信公众号:K哥爬虫
# @FileName: ws_client.js
# @Software: PyCharm
# ================================== */
var ws = new WebSocket("ws://127.0.0.1:5678"); // custom port
ws.onmessage = function (evt) {
    console.log("Received Message: " + evt.data);
    if (evt.data == "exit") {
        ws.close();
    } else {
        // call the page's own encryption function and return the result to the server
        ws.send(utility.getH5fingerprint(evt.data));
    }
};
```

To inject the client code into a page, you can use the browser developer tools' Overrides feature, Fiddler, or a userscript. After injection, run the Python server, log in to the target site once, and then input strings to obtain encrypted values.
For a more robust solution, the article introduces two open‑source projects: JsRPC‑hliang (written in Go) and Sekiro. Sekiro is an Android private API exposure framework that also works for web JavaScript reverse engineering.
After building Sekiro (using build_demo_server.sh on Linux/Mac or downloading the binary for Windows), start the service:
```shell
# Linux & Mac
bin/sekiro.sh
# Windows
bin/sekiro.bat
```

Inject sekiro_web_client.js into the browser and create a SekiroClient instance to register an action that calls the encryption function:
```javascript
// generate a random client id so each browser tab registers separately
function guid() {
    function S4() {
        return (((1 + Math.random()) * 0x10000) | 0).toString(16).substring(1);
    }
    return (S4() + S4() + "-" + S4() + "-" + S4() + "-" + S4() + "-" + S4() + S4() + S4());
}

var client = new SekiroClient("ws://127.0.0.1:5620/business-demo/register?clientId=" + guid());
client.registerAction("getH5fingerprint", function (request, resolve, reject) {
    // "url" is the parameter passed on the invoke URL
    resolve(utility.getH5fingerprint(request["url"]));
});
```

Once the client is running, you can invoke the encryption via HTTP: http://127.0.0.1:5620/business-demo/invoke?group=rpc-test&action=getH5fingerprint&url=https://www.baidu.com/ , which returns a JSON object whose data field contains the encrypted result.
Compared with browser automation tools like Selenium or Puppeteer, RPC avoids loading heavy resources, offers higher stability and efficiency, and works well when the target site does not bind encryption parameters to browser fingerprints. However, frequent RPC calls may be detected on stricter sites, where browser‑level group control or multi‑browser setups become necessary.
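The detection risk mentioned above can be illustrated from the site operator's side. The following is an added example, not code from the article or from Sekiro: it scans constructed access-log lines and flags client fingerprints whose requests arrive at a machine-like cadence, the pattern a scripted RPC loop produces when one logged-in browser session is driven to emit encryption parameters on demand. The log format and the thresholds are assumptions.

```python
# Added example (not from the original article). Log lines are constructed.
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed log format: "<ISO timestamp> <client fingerprint> <path>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+)$")

SAMPLE_LOG = """\
2022-02-14T10:00:00.000 fp-aaaa /api/search
2022-02-14T10:00:00.500 fp-aaaa /api/search
2022-02-14T10:00:01.000 fp-aaaa /api/search
2022-02-14T10:00:01.500 fp-aaaa /api/search
2022-02-14T10:00:02.000 fp-aaaa /api/search
2022-02-14T10:00:02.500 fp-aaaa /api/search
2022-02-14T10:00:03.000 fp-bbbb /api/search
2022-02-14T10:00:07.200 fp-bbbb /api/search
2022-02-14T10:00:19.900 fp-bbbb /api/search
"""


def parse_log(text):
    """Group request timestamps by client fingerprint."""
    per_client = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        ts, client, _path = m.groups()
        per_client[client].append(datetime.fromisoformat(ts))
    return per_client


def flag_rpc_cadence(per_client, min_requests=5, max_mean_gap_s=1.0, max_jitter_s=0.1):
    """Return clients with at least min_requests whose inter-request gap is
    both short (mean <= max_mean_gap_s) and unusually regular (stdev <= max_jitter_s)."""
    flagged = {}
    for client, stamps in per_client.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps)
        if mean_gap <= max_mean_gap_s and jitter <= max_jitter_s:
            flagged[client] = {"requests": len(stamps), "mean_gap_s": round(mean_gap, 3)}
    return flagged


if __name__ == "__main__":
    print(flag_rpc_cadence(parse_log(SAMPLE_LOG)))
```

Binding the encryption parameter to the session fingerprint, as the article notes stricter sites do, is what makes such per-fingerprint cadence analysis possible.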
In summary, RPC is a powerful technique for bypassing complex encryption in web applications, and frameworks such as Sekiro provide a flexible way to expose browser functions for automated reverse engineering.