⌘K
Change language Switch ThemeSign In
Narrow Mode
Bypassing API Signature Verification with CDP and Browser Console =================================================================
Bypassing API Signature Verification with CDP and Browser Console =================================================================  ### yan5xu
@yan5xu
我之前也没想到,让 agent 通过 cdp 操作网页和直接用 js 使用 api 在我脑子里一直是分开的,知道我昨天看 @jakevin7 的 twitter-cli,里面有很多内容其实在做登录态的处理,然后脑子里立马就蹦出来,我cdp 开一个网页,然后在 console 里面用浏览器的 fetch,这些问题岂不是都没了。然后试一把,发现卧槽能行。就开干了。
特别是在做小红书的时候,小红书有一套签名算法,正常路线是要做逆向,我和 claude code 讨论之后发现直接调用小红书自己的 Vue Store 方法触发请求,同时 hook XHR 截获原始 API 响应😂就是拿小红书自己来解锁自己。github.com/epiral/bb-site…s
Mar 15, 2026, 1:42 AM View on X
3 Replies
5 Retweets
39 Likes
2,371 Views  yan5xu @yan5xu
One Sentence Summary
By directly calling internal web page methods and fetch in the browser console via CDP, complex signature algorithms can be bypassed for data scraping.
Summary
The author shares an ingenious approach for Agent-driven web page interaction: directly invoking fetch or internal Vue Store methods within the browser console via CDP (Chrome DevTools Protocol). This method allows bypassing tedious reverse engineering when dealing with platforms like Xiaohongshu, which employ complex signature algorithms. Essentially, it leverages the browser's existing login state and internal logic to 'unlock' and retrieve data, turning the web page's own logic to the Agent's advantage.
AI Score
86
Influence Score 17
Published At Today
Language
Chinese
Tags
CDP
Agent
Web Scraping
Xiaohongshu Reverse Engineering
Browser Automation HomeArticlesPodcastsVideosTweets
Bypassing API Signature Verification with CDP and Browser... ===============