Unlock Browser JS with JsRpc: A Simple WebSocket Bridge for Reverse Engineering
This guide introduces JsRpc, a lightweight WebSocket‑based bridge that lets a Go server communicate with injected JavaScript in the browser, enabling reverse‑engineering of encrypted functions and data extraction through easy API calls.
Introduction
JsRpc creates a WebSocket connection between a browser and a Go service, allowing the server to invoke JavaScript code via HTTP‑style endpoints. It can be used for reverse‑engineering encrypted functions or directly fetching data.
Code Structure
-- main.go (server main code)
-- resouces/JsEnv.js (client‑side JS injection)Basic Overview
Running the server program together with the JS script enables communication; the server calls an interface, the client executes the registered JS method, and the result is returned to the server.
Implementation Details
The browser opens a WebSocket client to the server, calls server APIs, the server sends a message to the client, the client runs the specified JS, and sends the result back. The method works with HTTPS certificates and supports wss.
For HTTPS sites, a plain ws connection may cause security errors; using a local address (127.0.0.1) or wss avoids this. Without a certificate, compile main.go and use the default port 12080. With a certificate, comment out r.Run(), enable r.RunTls, set the certificate path, and use the default port 12443.
Usage
Download the compiled binaries from the release page and run the executable to start the service.
After launching, double‑click the file to start the server.
API Overview
/list: view currently connected WebSocket services /ws: endpoint for injecting WebSocket connection into the browser /result: retrieve data (JSON format, e.g., {"group":"hhh","hello":"好困啊yes","name":"baidu","status":"200"})
Endpoints accept group and name query parameters, e.g.:
ws://127.0.0.1:12080/ws?group={}&name={}http://127.0.0.1:12080/go?group={}&name={}&action={}¶m={}actionis the registered method name, param is optional.
Injecting JS and Building the Communication Environment
Open JsEnv.js and paste its content into the browser console (breakpoints may need to be disabled).
Injecting WebSocket and Registering Methods
// Connect
var demo = new Hlclient("ws://127.0.0.1:12080/ws?group=hhh&name=baidu");
// Register a method (first arg is method name, second is function)
// param is optional
demo.regAction("hello", function(resolve, param) {
var c = "好困啊" + param;
resolve(c);
});Accessing the API to Retrieve Data
http://127.0.0.1:12080/go?group=hhh&name=baidu&action=hello¶m=yes
// Returns JSON:
{
"group":"hhh",
"hello":"好困啊yes",
"name":"baidu",
"status":"200"
}Conclusion
JsRpc enables a browser‑to‑Go WebSocket bridge that can execute injected JavaScript and return results, useful for reverse engineering, decryption, or data scraping. Try it out and explore further applications.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Python Crawling & Data Mining
Life's short, I code in Python. This channel shares Python web crawling, data mining, analysis, processing, visualization, automated testing, DevOps, big data, AI, cloud computing, machine learning tools, resources, news, technical articles, tutorial videos and learning materials. Join us!
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.