Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Options for SSL/TLS decryption (corporate network)

Options for SSL/TLS decryption (corporate network)

Company performs SSL/TLS decryption for all outbound traffic. This breaks a lot of Spotify components due to certificate pinning(?). I've identified the following hostnames:
apresolve.spotify.com
login5.spotify.com
guc3-spclient.spotify.com
guc3-dealer.spotify.com
spclient.wg.spotify.com
api-partner.spotify.com
audio4-ak-spotify-com.akamaized.net
misc.spotifycdn.com
seed-mix-image.spotifycdn.com
wrapped-images.spotifycdn.com
audio4-gm-fb.spotifycdn.com
heads-fa.scdn.co
misc.scdn.co
audio4-fa.scdn.co
i.scdn.co
newjams-images.scdn.co
dailymix-images.scdn.co
charts-images.scdn.co
lineup-images.scdn.co
mosaic.scdn.co
dealer.spotify.com
Are there any more that need to be excluded from decryption?
Reply
3 Replies

Domains of video streams that I could find are:

video-akpcw-cdn-spotify-com.akamaized.net

video-ak.cdn.spotify.com.splitter-eip.akadns.net

video-fa.scdn.co

 

I've found another for the Canvas:

canvaz.scdn.co

XimzendSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

These are helpful thank you! How are you working out which host names the application is using? 

I found them using a proxy.

XimzendSpotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Suggested posts