[SoKamil]

> As this is a Javascript file executed on the web, it is actually possible to replace the normal webmssdk.js with the deobfuscated file and use TikTok normally.

> This can be achieved by using two browser extensions known as Tampermonkey for executing custom code and CSP to disable CSP so I can fetch files from blocked origins. This is so I can put latestDeobf.js in my own file server and have it be fetched each time, this is so I can easily edit the file and let the changes take effect each time I refresh. This makes it much easier to bebug when reversing functions.

I believe you can achieve the same effect without any 3rd party extensions. You can use Local Overrides in Chrome DevTools.

Great work!

[wutwutwat]

You can also install some trusted certs and MITM the requests, replacing the content with whatever you'd like

Likely overkill for this use case, but no matter the client, you can in theory do whatever you want to any traffic up until the point it leaves your network.

[ImPostingOnHN]

what toolset do you use for on-the-fly translation?

ad-hoc code, or something with a more structured workflow, maybe?

this sounds like a fun thing to try, thanks for your time

[SoKamil]

Charles, Proxyman, or mitmproxy if you like open source + terminal would do the job.

[geoka9]

mitmproxy will even allow you to script the intercept/override behavior, which can be really handy.

[18172828286177]

See Burpsuite