Options for SSL/TLS decryption (corporate network)

PositiveIntent · 2024-10-02

Company performs SSL/TLS decryption for all outbound traffic. This breaks a lot of Spotify components due to certificate pinning(?). I've identified the following hostnames:
apresolve.spotify.com
login5.spotify.com
guc3-spclient.spotify.com
guc3-dealer.spotify.com
spclient.wg.spotify.com
api-partner.spotify.com
audio4-ak-spotify-com.akamaized.net
misc.spotifycdn.com
seed-mix-image.spotifycdn.com
wrapped-images.spotifycdn.com
audio4-gm-fb.spotifycdn.com
heads-fa.scdn.co
misc.scdn.co
audio4-fa.scdn.co
i.scdn.co
newjams-images.scdn.co
dailymix-images.scdn.co
charts-images.scdn.co
lineup-images.scdn.co
mosaic.scdn.co
dealer.spotify.com
Are there any more that need to be excluded from decryption?

Ximzend · 2024-10-05

Domains of video streams that I could find are:

video-akpcw-cdn-spotify-com.akamaized.net

video-ak.cdn.spotify.com.splitter-eip.akadns.net

video-fa.scdn.co

I've found another for the Canvas:

canvaz.scdn.co

XimzendSpotify Star

Help others find this answer and click "Accept as Solution".

If you appreciate my answer, maybe give me a Like.

Note: I'm not a Spotify employee.

PositiveIntent · 2024-10-10

These are helpful thank you! How are you working out which host names the application is using?

Ximzend · 2024-10-10

I found them using a proxy.

XimzendSpotify Star

Help others find this answer and click "Accept as Solution".

If you appreciate my answer, maybe give me a Like.

Note: I'm not a Spotify employee.

Help categories

Account & Payment

Using Spotify

Listen Everywhere