Search
  • Aditya Anand

How I found a way to view paid content on an online streaming website for free?

Hi there, I know it’s been too long since my last article and for the people who follow me on a regular basis I am sorry that I can’t come up with many articles lately but I promise this article will be an interesting one.


Here we go!

I am one of those people who love to have free stuff, I don’t know about others but being a broke college student free stuff attracts me like hell. This article is all about how I found a quick dirty way to access the paid premium stuff on an online streaming website for free. I was planning to watch a live football match on a premium account but the problem was it was my friend’s account and the basic restriction put in by the website was that only one person can access the live video stream. Now, the problem was that my friend was also using the account at that point of time and so I had to bypass this restriction if I wanted to view the content. So, let me tell you how I found a way to overcome this challenge and watched the whole match live.

Let’s dig in!

So, first of all I opened up the website and then opened inspect element. I wanted to check if there was a way I could figure out as to how the website was checking how many people are viewing the online content at the same point of time. I went through the whole code and realised that they were using javascript to check if the website was being opened at different browsers at the same point of time. Now, I need to tell you that I was not that great with javascript at that time. So, even though I knew that the streaming service was verifying it on the client side and that it used javascript to do that still I wasn’t able to do anything about it. ( Mental Note :- Learn Javascript )

Wait a second, they were using javascript on the client side to do the verification and that is the worst thing possible in terms for security so there must be something else that I can do to compromise the security on the webpage. So, I zoomed out a bit to take a look at the bigger picture and then an idea struck my mind and guess what that worked.


Client-Side Javascript verification is bad news!

So, as of now when I visited the streaming website while my friend was using it, a message used to be displayed on my screen that read “The account is being used by someone else”. Now the basic rule of loading a webpage faster ( which is followed by nearly everyone ) is to load the HTML first, then the CSS and at the last Javascript. So, let us say for now that Javascript is the security guard, so unless and until the Javascript loads, for a brief moment of time there is no security on the webpage whatsoever and for that particular instant you can do anything that you want to do.


The devil lies in the details.

So, this is where my idea comes into play what if I never let the security guard come, well by that what I mean is what if I find a way to stop Javascript from loading on the webpage at all. Well then comes the part how do you do it? How do you stop Javascript from loading on the webpage? The answer is hilariously simple and I myself didn’t believe it when it worked. You just have to refresh the webpage and manually stop the refresh process as soon as the main webpage is opened i.e. when the HTML and CSS part of the page is loaded up. This might take a few tries ( 3–4 times max ) because the speed at which the webpage loads is in milliseconds / seconds ( depending on the net connection )so it’s kinda tricky to carry out but in this way you stop the security measures to load up on the webpage.

Once you are able to do that then hooray you can watch the premium content of the website on different systems simultaneously and you never really have to have different premium accounts just one will be fine for everyone.


Moral

If you are a developer, then please keep this in mind the security of the application or software you are working on. If the application is focused on quick service and not on security then it’s fine to load Javascript at the last but if you are writing a code for security in aspect it is better to load Javascript simultaneously.


If you enjoyed it please do clap and happy hacking!

Twitter : twitter.com/aditya12anand

LinkedIn : https://www.linkedin.com/in/aditya12anand/

E-mail : [email protected]

59 views
Wooden Hut

Feel free to connect!

  • LinkedIn Social Icon
  • Twitter Social Icon
  • Unknown_2

Created by Aditya Anand