Unlock JavaScript Reverse Engineering with JsRpc: A Step‑by‑Step Guide
This article introduces JsRpc, a WebSocket‑based bridge between a browser and a Go server that lets you execute custom JavaScript from HTTP‑style calls, enabling reverse‑engineering, encrypted function calls, and data extraction.
Introduction
JsRpc is a tool that opens a WebSocket connection between a browser and a Go server, allowing the browser to execute predefined JavaScript code via HTTP‑style API calls. It can be used for JS reverse‑engineering, calling encrypted functions, or directly fetching data.
Code Structure
-- main.go (server main code)
-- resources/JsEnv.js (client‑side JS injection)Basic Usage
Run the server program and the JS script; they communicate through the WebSocket, enabling you to invoke interfaces that execute JS and return the desired values (e.g., encryption/decryption).
Implementation Details
The browser creates a WebSocket client that connects to the server. The server sends a request, the client runs the specified JS method, and returns the result back to the server, which then displays it. The method works over HTTPS and supports wss.
HTTPS / TLS Notes
If the site uses HTTPS, a plain ws connection may cause security errors. Using wss or a local IP (127.0.0.1) avoids the issue. Without a certificate, compile main.go and connect to ws on port 12080. With a certificate, enable RunTls in main.go and use port 12443.
Running the Pre‑built Binary
Download the compiled binary from the GitHub releases page and double‑click to start the service.
API Overview
/list: view currently connected WebSocket services /ws: endpoint for the browser to inject the WebSocket connection /result: retrieve data in JSON format, e.g.
{"group":"hhh","hello":"好困啊yes","name":"baidu","status":"200"}Calls use ?group and ?name query parameters, for example:
ws://127.0.0.1:12080/ws?group={}&name={}
http://127.0.0.1:12080/go?group={}&name={}&action={}¶m={}Injecting JS and Building the Communication Environment
Paste the contents of JsEnv.js into the browser console (breakpoints may be needed).
Registering a Method
// Connect
var demo = new Hlclient("ws://127.0.0.1:12080/ws?group=hhh&name=baidu");
// Register method "hello"
demo.regAction("hello", function (resolve, param) {
var c = "好困啊" + param;
resolve(c);
});Accessing the Interface
http://127.0.0.1:12080/go?group=hhh&name=baidu&action=hello¶m=yes
// Response
{
"group":"hhh",
"hello":"好困啊yes",
"name":"baidu",
"status":"200"
}Conclusion
JsRpc enables a browser‑to‑Go WebSocket bridge that can execute arbitrary JavaScript and return results, which is useful for reverse engineering, crawling, or automating encrypted functions.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Python Crawling & Data Mining
Life's short, I code in Python. This channel shares Python web crawling, data mining, analysis, processing, visualization, automated testing, DevOps, big data, AI, cloud computing, machine learning tools, resources, news, technical articles, tutorial videos and learning materials. Join us!
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.