It is amazing what lengths TikTok goes to to prevent scraping data. I've never encountered a site that employs so many various anti-scraping measures.
I'm really curious what data the TikTok app is sending out. Might be worth the time to investigate.
I've spent some time on it myself; the sad thing is that it was less secured a few months ago. I think we kinda missed the train..
TikTok uses measures similar to the IG priv + GraphQL API (not FB Graph). Request order and headers must be exactly the same as the app fires; one mistake (such as omitting a Telemetry request) and the session gets flagged.
Reversing the app & mitm is recommended. Expect hardcoded certs to block mitm. Worst-case: It uses DRM to derive session keys.
Web clients are usually harder to fake than apps bc of browser fingerprinting & obfuscated JS.