Jump to content

Wireshark, XML, and iTunes Music Store


Zimmer
 Share

Recommended Posts

Recently I have found an interest in finding iTunes Store XML and I have been getting to know wireshark. I have been googling and sniffing (packets why what did you think...) I have found helpful links on this but most seem to be from iTunes 4 not 8 one link I found was macosxhints (Get iTunes XML (well most of the time...)) which showed how to get at the iTunes Store XML and it worked for most except for searches and so I decided to use wireshark... and I have filtered http (the tcp packets from iTunes didn't seem to help) only. I have tried many of the links but the some have for protocol not just http but http / xml and so I though this would be the xml but it seems that it is only confirming that I received xml so I search for the actual xml link and have no luck. I then move on to iTunes link maker hoping to find xml again no luck. Am I using wireshark wrong, should I just give up (doesn't seem to be encrypted), is my assumption of http / xml being xml wrong? Thanks for the help and sorry for the long post.

Rest is Links if you don't care about them just scroll past them. Also for the links the search is mostly 'Kanye West' (no qoutes)

BEGIN LINKS LINKS LINKS

---------------------------------------------------------

http://www.macosxhints.com/article.php?story=20060111131007980&lsrc=osxh
http://ax.phobos.apple.com.edgesuite.net/W...=&media=all
http://metrics.apple.com/b/ss/applesupergl...D%26media%3Dall
http://ax.phobos.apple.com.edgesuite.net/
http://ax.phobos.apple.com.edgesuite.net/i...maker/album.gif
http://ax.phobos.apple.com.edgesuite.net/i.../box_bottom.gif
http://developer.apple.com/Internet/Webcontent/
http://www.seangw.com/wordpress/index.php/...nes-link-maker/
http://www.google.com/search?q=itunes+link...lient=firefox-a
http://ax.init.itunes.apple.com/
http://ax.init.itunes.apple.com/WebObjects
http://neuronwave.com/2003/05/itunes-inter...urls-apples.php
http://www.brainbell.com/tutorials/XML/Lin...Tunes_Store.htm
http://www.brainbell.com/tutorials/XML/TOC...ary_Via_XML.htm
http://www.brainbell.com/tutorials/XML/
http://www.brainbell.com/tutorials/XML/Bui..._Web_Viewer.htm
http://www.brainbell.com/tutorials/XML/Summary_34.htm
http://www.google.com/search?hl=en&cli...amp;btnG=Search
http://ax.search.itunes.apple.com/WebObjec...h.woa/wa/search
http://ax.itunes.apple.com/WebObjects/MZSt...2Fwa%252Fsearch
http://phobos.apple.com/storeBag.xml.gz
http://ax.init.itunes.apple.com/WebObjects...initiateSession
http://www.google.com/search?q=search.itun...lient=firefox-a
http://blizzard.dnsalias.org/itunes-url-decoder.py
http://www.google.com/search?hl=en&cli...amp;btnG=Search
http://www.google.com/search?q=return+itms...lient=firefox-a
http://www.google.com/search?hl=en&cli...amp;btnG=Search
http://www.google.com/search?hl=en&cli...amp;btnG=Search
http://ax.search.itunes.apple.com/WebObjec...maffie+and+crew
http://ax.itunes.apple.com/WebObjects/MZSt...52Band%252Bcrew
http://www.google.com/search?q=search.itun...lient=firefox-a
http://ax.search.itunes.apple.com/WebObjec...-impt=clickRef%
http://ax.itunes.apple.com/WebObjects/MZSt...3DclickRef%2525
http://www.s-seven.net/itunes_xml
http://www.s-seven.net/itunes
http://www.s-seven.net/blog/2005/10/itunes...php-scripts-iii
http://www.google.com/search?hl=en&q=i...mp;aq=f&oq=
http://metrics.apple.com/metrics/desktop/p...28459F7F61A4C77
http://www.apple.com/itunes/contentproviders/
http://www.google.com/search?hl=en&cli...amp;btnG=Search
http://www.google.com/search?q=itunes+get+...lient=firefox-a
http://www.google.com/search?hl=en&q=i...amp;btnG=Search
http://www.thejosher.net/iTunes/index.php?...tion&gzip=0
http://www.thejosher.net/iTunes/
http://www.google.com/search?hl=en&q=g...mp;aq=f&oq=
http://ax.phobos.apple.com.edgesuite.net/b...term%3Dheartles
http://metrics.apple.com/b/ss/applesupergl...term%3Dheartles
http://ax.phobos.apple.com.edgesuite.net/m...&sessionId=
http://ax.itunes.apple.com.edgesuite.net/m...s&sf=143441
http://ax.itunes.apple.com.edgesuite.net/m...&sessionId=
http://ax.itunes.apple.com.edgesuit.net/me...&sessionId=
http://ax.itunes.apple.com/metrics/desktop...&sessionId=
http://ax.search.itunes.apple.com/WebObjec...p;ign-mscache=1
http://ax.itunes.apple.com/WebObjects/MZSt...n-mscache%253D1
http://ax.search.itunes.apple.com/WebObjec...;term=heartless
http://ax.itunes.apple.com/WebObjects/MZSt...m%253Dheartless
http://ax.itunes.apple.com.edgesuite.net/W...2Fwa%252Fsearch
http://ax.search.itunes.apple.com/r/n/WebO...;term=heartless
http://ax.itunes.apple.com/WebObjects/MZSt...tion/fontStyles
http://ax.itunes.apple.com/WebObjects/MZSt...a/wa/storeFront
http://ax.phobos.apple.com.edgesuite.net/W...s&media=all
http://ax.phobos.apple.com.edgesuite.net/W...?term=heartless
http://ax.phobos.apple.com.edgesuite.net/W...s&media=all
http://ax.phobos.apple.com.edgesuite.net/W...s&media=all
http://www.apple.com/itunes/linkmaker/
http://www.google.com/search?as_q=itunes&a...earch=tbray.org
http://www.tbray.org/
http://www.tbray.org/ongoing/
http://phobos.apple.com/WebObjects/MZSearc...20Don%27t%20Run
http://ax.itunes.apple.com/WebObjects/MZSt...2527t%252520Run
http://ax.phobos.apple.com.edgesuite.net/W...20Don%27t%20Run
http://www.freesoftwaremagazine.com/articl...unes?page=0%2C0
http://www.freesoftwaremagazine.com/articl...unes?page=0%2C3
http://www.freesoftwaremagazine.com/articl...unes?page=0%2C2
http://www.freesoftwaremagazine.com/articl...unes?page=0%2C1
http://www.tbray.org/ongoing/When/200x/2003/04/30/AppleWA
http://phobos.apple.com/WebObjects/MZSearc...SS/rssGenerator
http://ax.itunes.apple.com/rss
http://phobos.apple.com/WebObjects/MZStore...SS/rssGenerator
http://www.g4tv.com/screensavers/features/...es_Hackery.html
http://g4tv.com/screensavers/features/5127...es-Hackery.html
http://www.xmlhead.com/articles/60.html
http://g4tv.com/screensavers/features/5127...es_Hackery.html
http://www.freesoftwaremagazine.com/free_i...ssue_02/itunes/
http://www.freesoftwaremagazine.com/articles/itunes/
http://maisonbisson.com/blog/post/10758/it...usic-store-api/
http://maisonbisson.com/?s=itunes
http://maisonbisson.com/search/itunes
http://maisonbisson.com/projects/
http://maisonbisson.com/blog/page/2/
http://maisonbisson.com/
http://maisonbisson.com/blog/
http://www.xml.com/pub/a/2004/11/03/itunes.html?page=1
http://www.aaronsw.com/2002/itms/
http://www.downhillbattle.org/itmsscript/index.html
http://jens.ohlig.info/archives/000169.html
http://www.xml.com/pub/a/2004/11/03/itunes.html?page=2
http://www.google.com/search?q=itunes+musi...lient=firefox-a
http://www.google.com/search?q=itunes+link...lient=firefox-a
http://phobos.apple.com/WebObjects/MZSearc...a/itmsLinkMaker,
http://phobos.apple.com/WebObjects/MZSearc...SS/rssGenerator,
http://www.xml.com/lpt/a/1495
http://phobos.apple.com/WebObjects/MZSearc...;term=heartless
http://ax.search.itunes.apple.com/WebObjec...;term=heartless
http://ax.itunes.apple.com/WebObjects/MZSt...m%253Dheartless
http://phobos.apple.com/WebObjects/MZSearc...it=edit&amp
http://ax.itunes.apple.com/WebObjects/MZSt...53Dedit%2526amp
http://ax.phobos.apple.com.edgesuite.net/W...p;ign-mscache=1
http://ax.itunes.apple.com/WebObjects/MZSt...n-mscache%253D1
http://ax.phobos.apple.com.edgesuite.net/W...m%253Dheartless
http://ax.phobos.apple.com.edgesuite.net/i...che%3D1&amp
http://ax.phobos.apple.com.edgesuite.net/W...p;ign-mscache=1
http://ax.phobos.apple.com.edgesuite.net/W...p;ign-mscache=1
http://search.itunes.apple.com/WebObjects/...;term=heartless
http://ax.itunes.apple.com/WebObjects/MZSt...m%253Dheartless
http://ax.phobos.apple.com.edgesuite.net/W...;term=heartless
http://ax.phobos.apple.com.edgesuite.net/W...m%253Dheartless
http://ax.phobos.apple.com.edgesuite.net/W...p;ign-mscache=1
http://ax.itunes.apple.com/WebObjects/MZSt...n-mscache%253D1
http://ax.itunes.apple.com/WebObjects/MZSe...p;ign-mscache=1
http://ax.phobos.apple.com.edgesuite.net/h...;term=heartless
http://ax.phobos.apple.com.edgesuite.net/W...nts?q=heartless
http://oreilly.com/catalog/pythonxml/chapter/ch01.html
http://ax.itunes.apple.com/metrics/desktop...&sessionId=
http://ax.itunes.apple.com/WebObjects/MZSt...77&s=143441
http://ax.init.itunes.apple.com/bag.xml?ix=2
http://ax.itunes.apple.com/WebObjects/MZSt...25252fHeartless
http://search.itunes.apple.com/WebObjects/...est%2fHeartless
http://ax.itunes.apple.com/WebObjects/MZSt...h%253DKanyeWest
http://ax.phobos.apple.com.edgesuite.net/W...amp;media=music
http://www.apple.com/itunes/download/
http://apple.com/itunes
http://www.apple.com/itunes/
http://www.apple.com/itunes
http://ax.phobos.apple.com.edgesuite.net/W...;term=Heartless
http://ax.itunes.apple.com/WebObjects/MZSt...m%253DHeartless
http://www.google.com/search?q=itunes+xml+...lient=firefox-a

Link to comment
Share on other sites

Wirehark just shows you what traffic you have coming across your wire/wifi. What exactly did you think you were going to be able to pull out of it? WHat are you trying to accomplish? You say sml, but did you mean SMIL?

http://en.wikipedia.org/wiki/Synchronized_...ration_Language

Wireshark can filter SMIL, but there is no sml filter. There are XML fitlers though.

Link to comment
Share on other sites

xml is what I am looking for.

This is the link that opens itunes with the search string specified by term

http://ax.search.itunes.apple.com/WebObjec...rm=kanye%20west

When typing in something in the search box and words are popped up for suggestions.

the xml click the links you will get raw xml (unless your browser tries to interpret it (firefox, what I am using, hasn't)).

first it has

http://ax.search.itunes.apple.com/WebObjec...oa/wa/hints?q=h

http://ax.search.itunes.apple.com/WebObjec...a/wa/hints?q=he

http://ax.search.itunes.apple.com/WebObjec.../wa/hints?q=hea

...

http://ax.search.itunes.apple.com/WebObjec...nts?q=heartless

Then when you submit you request i.e heartless

http://ax.search.itunes.apple.com/WebObjec...;term=heartless

--All that does is redirect you to iTunes with your search query.

Also for all the links wireshark list it as Accept-Encoding: gzip yet I get xml or a redirect also appending .gzip edits the hint or search (depending on the link)

Screenshot of Wireshark HTTP Click for bigger picture.

gsddsd.th.jpg

Link to comment
Share on other sites

I don't have iTunes, so the site doesn't let me into it. But you can just use the word XML as a display filter and you should get all the XML files and XML data in wireshark.

Link to comment
Share on other sites

Ok I have found the XML in Wireshark and how to export an xml file. But if I have wireshark just showing xml and I go to this xml file http://www.w3schools.com/XML/note.xml wireshark shows the xml code BUT doesn't show the source of where I got it (http://www.w3schools.com/XML/note.xml). It does not matter for this XML file because I already know where the file is (http://www.w3schools.com/XML/note.xml) but for XML files from iTunes Music Store I don't know where they come from. Any help is greatly appreciated :) oh and yes google was no help :( or at least my google searches didn't show anything :(.

Link to comment
Share on other sites

Ok I have found the XML in Wireshark and how to export an xml file. But if I have wireshark just showing xml and I go to this xml file http://www.w3schools.com/XML/note.xml wireshark shows the xml code BUT doesn't show the source of where I got it (http://www.w3schools.com/XML/note.xml). It does not matter for this XML file because I already know where the file is (http://www.w3schools.com/XML/note.xml) but for XML files from iTunes Music Store I don't know where they come from. Any help is greatly appreciated :) oh and yes google was no help :( or at least my google searches didn't show anything :(.

It can't display it without showing where it came from. Usually you right click and follow the stream. it should show somehting like either a get or post request for the URL, like

GET /XML/note.xml HTTP/1.1

User-Agent: Opera/9.64 (Windows NT 5.1; U; en) Presto/2.1.1

Host: www.w3schools.com

Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1

Accept-Language: en-US,en;q=0.9

Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1

Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0

Cache-Control: no-cache

Connection: Keep-Alive, TE

TE: deflate, gzip, chunked, identity, trailers

HTTP/1.1 200 OK

Content-Length: 201

Content-Type: text/xml

Last-Modified: Thu, 25 Sep 2008 08:02:29 GMT

Accept-Ranges: bytes

ETag: "57794bee51ec91:4cd"

Server: Microsoft-IIS/6.0

MicrosoftOfficeWebServer: 5.0_Pub

X-Powered-By: ASP.NET

Date: Sat, 11 Apr 2009 18:49:04 GMT

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- Edited by XMLSpy. -->

<note>

.<to>Tove</to>

.<from>Jani</from>

.<heading>Reminder</heading>

.<body>Don't forget me this weekend!</body>

</note>

Link to comment
Share on other sites

Im sorry, I must be thick, but what is it you are looking for? What are you trying to retrieve? The XML data in the pcap file seems to just be search and reply info, mostly displaying CSS and image files.

Here is the plain text stream of data from the XML request you saved in the cap file.

http://www.twistedpairrecords.com/digip/cap.txt

It almost looks like you hit the back button on the browser, as there are 304 not modified requests in there, like as if you had already been to that page or loaded that data.

This is the URL you wanted: ax.init.itunes.apple.com/bag.xml?ix=2&dsid=222285218

Looks like part of the file is Base64 encoded which gives all those URL's you were talking about.

Here is the base64 decoded XML file, with Apple cert. I put it in a rar so your browser doesn't try to read it and get an error(Because of the cert in the file, it tries to make it secure and unreadable). UnRar it and open it in something like notepad++(Not regular notepad) or Wordpad, and not a browser. http://www.twistedpairrecords.com/digip/cap.rar

Link to comment
Share on other sites

I'm the one that should be sorry :). There were several XML files but it seems that they were not in the pcap file huh oh well... Here is another pcap file http://download112.mediafire.com/fm9b0dr3u..._pcap_file.pcap. BTW I had to save the file as all packets not just http because the xml packet got corrupt in the pcap (I don't know why) anyways the xml packet number is 117 and the xml in that is (I exported it can't find source url huh) http://download131.mediafire.com/wmdd2nn00...d/itunesxml.xml (uploaded it). Anyways how can I find the url of this xml file (packet number 117)? thanks and sorry for the long post.

Link to comment
Share on other sites

I'm the one that should be sorry :). There were several XML files but it seems that they were not in the pcap file huh oh well... Here is another pcap file http://download112.mediafire.com/fm9b0dr3u..._pcap_file.pcap. BTW I had to save the file as all packets not just http because the xml packet got corrupt in the pcap (I don't know why) anyways the xml packet number is 117 and the xml in that is (I exported it can't find source url huh) http://download131.mediafire.com/wmdd2nn00...d/itunesxml.xml (uploaded it). Anyways how can I find the url of this xml file (packet number 117)? thanks and sorry for the long post.

Right click packet 117, follow tcp stream. Scroll down until you see the data(which just looks like random text, but thats the XML, encoded so you can't see it plain text because of their certs, but thats the packet), the section right above it is where it comes from.

referrer: http://ax.search.itunes.apple.com/WebObjec...love%20lockdown

You can always go to that packet, and then scroll up to the previous GET request as well(Packet 100) , and more than likely, it will be the link that it came from. Most of the time, but not always, as packets do not always get transferred in order. Some fail and get retransmitted in fragments, or other data coming in gets there first.

"GET" requests ask the server for data. The server responds with replies, good one susually 200 OK, but for example, if a file is not found, you would get a 404 not found, forbidden, 403 forbidden, etc, etc. Just following the GET request, then the next HTTP 200 OK should be the data returned from the server.

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Link to comment
Share on other sites

So the tcp packets 101 to 116 are the xml data coming across... Also the refer is the prevouis page I was on in iTunes as well and when I go to the url it redirects me to itunes with the search for love lockdown. So is there any url to the xml data in packet 117?

Link to comment
Share on other sites

So the tcp packets 101 to 116 are the xml data coming across... Also the refer is the prevouis page I was on in iTunes as well and when I go to the url it redirects me to itunes with the search for love lockdown. So is there any url to the xml data in packet 117?

Packet 100 is where it originated, at least from what I can see. If you look at the "Packet Details" window for packet 117 and start expanding the bread crumbs, you can see its reassembled segments, starting packet 101 through 117. When TCP sends a file, it often breaks it up into segments and sequences the items for reassembly at the destination, which reads the packets and combines them onto the final product. In packet 117's "Packet Details" you can see the plain text XML data as well. Just keep expanding the bread crumbs and scroll down.

Thats where the whole OSI model comes in handy trying to look at stuff and understanding TCP/IP. I hated learning the OSI model at first, but I have to admit, after learning more about it, its starting to make sense.

Link to comment
Share on other sites

So the url to the xml file that is then sent would be in packet 100? For the hints (when I search in iTunes what apple thinks I might be looking for) it is the host and then the get request but for the actual submitted string the host and get request redirect you to itunes and the search page opens in iTunes displaying the result of your search. What happens when you enter this URL digip (you posted you didn't have itunes) http://ax.search.itunes.apple.com/WebObjec...20be%20somebody?

Link to comment
Share on other sites

So the url to the xml file that is then sent would be in packet 100? For the hints (when I search in iTunes what apple thinks I might be looking for) it is the host and then the get request but for the actual submitted string the host and get request redirect you to itunes and the search page opens in iTunes displaying the result of your search. What happens when you enter this URL digip (you posted you didn't have itunes) http://ax.search.itunes.apple.com/WebObjec...20be%20somebody?

I get redirected to a page that says it can not find iTunes.

http://ax.itunes.apple.com/WebObjects/MZSt...%252520somebody

tunes.jpg

Link to comment
Share on other sites

Ok thanks digip that is what I thought but another part of me was hoping it was the xml file oh well back to wireshark what happens if you click 'I have itunes'. Anyone got any ideas as to finding the source of the search xml?

Link to comment
Share on other sites

From this thread I gather you are trying to access the site without iTunes?

Anyone got any ideas as to finding the source of the search xml?

This probably gets returned all from server side processing, but I haven't bothered to take the time to look into it further.

what happens if you click 'I have itunes'.

It still doesn't work. I think iTunes listens on a specific port and an authentication process happens between the server and the iTunes app. I don't know that you can access it short of impersonating the iTunes app/user agent as well as the authentication process, or just having it installed. If you do have it installed and can access the site, then just use wireshark to see whats happening. Most likely, they use somehting like SSL or TLS or such encryption and cert authentication.

Alternatively, you could try a user agent spoofer to impersonate an iPhone using FireFox just to see what they do and if they let you browse. Hmm...Gives me some ideas. Maybe a way to spoof the whole process. Like spoof the MAC address of an iPhone as well as the user agent of the phone, find out what ports iTunes listens on and try to monitor the requests and such after accessing the site, working from there. Over my head, but interesting in itself...

Edit: looks like the ports iTunes opens are

iTunes
daap            Port 3689 TCP        Digital Audio Access Protocol
daap            Port 3689 UDP        Digital Audio Access Protocol

(TCP Port 3689 and UDP Port 5353)

mdns            Port 5353 TCP        Multicast DNS
mdns            Port 5353 UDP        Multicast DNS

Not sure if that would be usefull though.

Link to comment
Share on other sites

My whole goal on this is to

a) Learn about iTunes

B) Use a python application to grab the url and then get meta data for a song or video, as well as options to play the 30 second clip to find what song it is, to get the correct meta data... To play the 30 second preview I can use VLC (I have tested this) and for the meta data right know I would have to know the artist, the song, and the album because I can then go to the artist page using http://www.apple.com/itunes/contentproviders/ scroll down to the section title

iTunes Links

Make it even easier for people to find your content on the iTunes Store by using iTunes links. When customers click on your iTunes link, iTunes will instantly open to your page on the iTunes Store. iTunes links are available for music, TV, movies, and apps once the content is live on the iTunes Store.

* Example iTunes Links: U2 - http://www.itunes.com/U2

* 24 - http://www.itunes.com/tv/24

* Wall.E - http://www.itunes.com/movies/wall-e

* Tetris - http://www.itunes.com/apps/tetris

and read that xml to find the album and then the song... Right know to get the xml I use this hint http://www.macosxhints.com/article.php?sto...060111131007980

In summation, to turn a standard iTMS link into a web-browser-ready page, just change the phobos.apple.com server to ax.phobos.apple.com.edgesuite.net, and change the itms:// into http://.

I can then using the meta data I found use atomic parsley to apply it to the song/ video

Oh and for the hint I tried it for searches and it didn't work...

I also saw the iTunes link maker but if I use that it:

a) Feels like cheating

B) Apple could easily brake it by changing the pattern

c) Apple could just get rid of it

Also I don't think they would encrypt the searches because they don't encrypt artist pages or the home page, they already have it available via iTunes link maker and wouldn't it cost money and cause more complications...

EDIT

Ok the ports you listed

DAAP is just for sharing over the network not iTunes Store (unless the wikipedia entry is wrong or no one has found out it is being used for itms).

ANOTHER EDIT

Ok the mdns is used by bonjour and I think it is for sharing songs over airtunes etc but not itunes store, so I think it is sage to presume that the info is sent of http or port 80 (is it safe to presume?).

Link to comment
Share on other sites

Ok I have started working on iTunes XML it is hardly done but I thought I might still post it...

it does require artist, album, and song to be able to get the meta data

Also the code IS NOT functional yet...

#iTunes Meta data ripper
#Python
import sys, urllib, time
if len sys.argv==1:
    print 'You have not enter any arguments, if you need help enter the arguments --help'
    time.sleep(10)
    sys.quit()
args=sys.argv
for arg in args:
    if arg.lower()=='--help' or '-help' or 'help':
        help()
    if arg.lower()[0:8]=='--artist' or '-artist=':
        if arg.lower[1] == '-':
            artist=arg[9:]
        if arg.lower[1] == 'a':
            artist=arg[8:]
    if arg.lower()[0:7] == '--album' or '-album=':
        if arg.lower[1] == '-':
            album=arg[8:]
        if arg.lower[1] == 'a':
            album=arg[7:]
    if arg.lower()[0:6]=='--song' or '--song=':
        if arg.lower[1] == '-':
            album=arg[7:]
        if arg.lower[1] == 'a':
            album=arg[6:]

Link to comment
Share on other sites

I hope this is understandable, if you have any question ask.

Apple gives a service to link to artist and other media on ITMS so for a artist you would type itunes.com/[artist] (replacing [artist]) but ITMS uses numbers (for xml data and when you right click and select copy itunes url) (like media players don't put in rock they put in a number for the genre(itunes I believe actaully puts in the string anyways)) so when you type in that url apple has to find the correct number so it request the page (itunes.com/[artist]) (in this case it gets a 302 error (I believe its an error that a page has been temporary moved) in this case it returns an address (http://search.itunes.apple.com/WebObjects/MZContentLink.woa/wa/link?path=[artist]) (no spaces) so it request that page (http://search.itunes.apple.com/WebObjects/MZContentLink.woa/wa/link?path=[artist]) It then gets another 302 response (http://search.itunes.apple.com/WebObjects/MZContentLink.woa/wa/link?path=KanyeWest) and gives it another URL (http://ax.itunes.apple.com/WebObjects/MZStore.woa/wa/browserRedirect?url=itms%253A%252F%252Fsearch.itunes.apple.com%252FWebObjects%252FMZContentLink.woa%252Fwa%252Flink%253Fpath%253DKanyeWest) AND it also sets a cookie ( ([truncated] Cookie: mzf_in=141211; itmsUrl=itms://ax.itunes.apple.com/WebObjects/MZStore.woa/wa/viewArtist?id=2715720; s_nr=1238017698294; s_cvp35=%5B%5B%27google%3A%20organic%27%2C%271238017698300%27%5D%2C%5B%27slashdot.org%27%2C%27123950) the cookie contains the number that itunes uses for copied URLs and what we need to get the xml of that page( the cookie set a url itmsUrl=itms://ax.itunes.apple.com/WebObjects/MZStore.woa/wa/viewArtist?id=2715720) at the end of the itunes url. The url it sends redirects you to a site with itms:// (not the one that was in the cookie but one that is similar)(itunes music store protocol (like http)). So it then gets this redirect page (wireshark lists it as a TCP retransmission (it is listed as http)????) and this shows up on your browser page this page detects whether iTunes is installed or not and then sends you to itunes (I believe with the url NOT in the cookie but in the browser redirect string)... Anyways with the cookie it sets you can get the xml of the artists page... Using this

A iTunes URL of a album

http://itunes.apple.com/WebObjects/MZStore...77&s=143441

XML Data of the page is

http://ax.phobos.apple.com.edgesuite.net/W...um?id=297475377

on the iTunes URL of the album the end has a &s=143441 that likely referars to a song that is given to iTunes to highlight

A iTunes URL of a artist

http://itunes.apple.com/WebObjects/MZStore...tist?id=2715720

XML Data:

http://ax.phobos.apple.com.edgesuite.net/W...tist?id=2715720

Also here is the JavaScript code used to detect iTunes, all from apple.com (got it using httpFox (firefox addon))

//
// iTunes Client Detection code
//
// This javascript library is tied intimately to MHBrowserRedirect.
// Note also that the iTunes U team links to this file on phobos, so check w/ Sugam before changing it.
//
// @author Mark Miller

var BROWSER_SAFARI = 1;
var BROWSER_FIREFOX = 2;
var BROWSER_INTERNET_EXPLORER = 3;
var BROWSER_OTHER = 4;

var ITUNES_INSTALLED_COOKIE_NAME="iTunesPresent";

function iTunesDetected() {

  // if we've already figured out that iTunes is present, rely on that data:
  if ('true' == getCookie(ITUNES_INSTALLED_COOKIE_NAME)) return true;

  // If we are on the Mac, assume that iTunes is installed.
  if (-1 != navigator.userAgent.indexOf("Macintosh")) return true;

  if (BROWSER_INTERNET_EXPLORER == detectedBrowser()) {
    return iTunesActiveXComponentInstalled();
  }
  
  // last chance:
  return iTunesMozillaPluginDetected();
}

function detectedBrowser() {
  if (-1 != navigator.userAgent.indexOf("AppleWebKit")) return BROWSER_SAFARI;
  if (-1 != navigator.userAgent.indexOf("Firefox")) return BROWSER_FIREFOX;
  if (-1 != navigator.userAgent.indexOf("MSIE ")) return BROWSER_INTERNET_EXPLORER;
  else return BROWSER_OTHER;
}

/**
 * We interpret the presence of the iTunes ActiveX Component to mean that iTunes itself has been installed.
 * @return true if the iTunes ActiveX Component was successfully loaded.
 */
function iTunesActiveXComponentInstalled() {
  var detectObj = document.getElementById('iTunesDetectorIE');
  var returnVal = false; // If we can't load the ActiveX control, assume we do not have ITMS

  if ((detectObj != null) &amp;&amp; (typeof(detectObj) != "undefined")) {
    if (typeof(detectObj.IsITMSHandlerAvailable) != "undefined") {
      returnVal = detectObj.IsITMSHandlerAvailable;
      dbg(typeof(detectObj.IsITMSHandlerAvailable));
    }

    if ((returnVal == null) || (typeof (returnVal) == "undefined")) returnVal = false;
  }
  dbg("ActiveX Control result: " + returnVal);
  return returnVal;
}

/**
 * We interpret the presence of the iTunes Firefox plugin to mean that iTunes itself has been installed.
 * @return true if the iTunes Firefox plugin was successfully loaded.
 */
function iTunesMozillaPluginDetected() {
  var result = false;
  if (navigator.plugins &amp;&amp; navigator.plugins.length &gt; 0) {
    for (var i=0; i &lt; navigator.plugins.length; i++ ) {
      var plugin = navigator.plugins[i];
      var pluginName = plugin.name;
      if (pluginName.indexOf("iTunes Application Detector") &gt; -1) { result = true }
    }
  }
  info("FF plugin detected: " + result);
  return result;
}

/**
 * This is the main entry point from WebObjects code.  See MHBrowserRedirect.java
 *
 * @param url the url to open if iTunes is installed
 * @param downloadUrl the url to go to to download iTunes
 * @param overridePanelId the id to unhide if the browser is firefox/opera.
 * @param noClose if true, don't close the browser window after opening iTunes.
 */
function itmsOpen(url, downloadUrl, overridePanelId, noClose) {
  dbg("You're in debug mode.");

  if (null != getCookie('recentlyRedirected')) noClose = true;
  setCookie('recentlyRedirected', true, 4000);

  if (iTunesDetected()) {
    setCookie(ITUNES_INSTALLED_COOKIE_NAME, true, 9999999999); 

    if (noClose) {
      //info("itmsOpen(): Opening " + url + "\nThis window will remain open.");
      // we can't set window.location.href directly because the current page will not
      // be rendered (at least in Safari 416.12).  The odd thing is that even a window.alert()
      // hides this bug, if it is a bug.
      setTimeout('window.location.href = "'+url+'"', 1);
      return true;
    } else {
      return replaceCurrentPageWithUrl(url);
    }
  }
  else {
    var b = detectedBrowser();
    if (BROWSER_INTERNET_EXPLORER == b || BROWSER_FIREFOX == b || BROWSER_SAFARI == b) {
      // take IE users straight to the download page because we're sure they don't
      // have iTunes installed (they would have had the ActiveX component show up)
      window.location.replace(downloadUrl);
    }
    else { // for all other browsers, let the user tell us if iTunes is installed:
      document.getElementById(overridePanelId).style.display='block';
    }
  }
  return true;
}

/**
 * Open the given url (using iTunes) and make a best effort to close or go back in the current window.
 */
function replaceCurrentPageWithUrl(url) {

  window.location.href = url;

  info("Window History Length: " + window.history.length);
  if (window.history.length &lt; 2) {
    setTimeout('window.close()', 100);
  } else {
    setTimeout('window.history.back()', 100);
  }
  return true;
}

function setCookie(cookieName,cookieValue,ttlMillis) {
  var expire = new Date();
  expire.setTime(expire.getTime() + ttlMillis);
  var cookie = cookieName + "=" + escape(cookieValue) + "; expires=" + expire.toGMTString();
  info("setCookie(): " + cookie);
  document.cookie = cookie;
}

function getCookie(cookieName) {
  if (null == document.cookie || null == cookieName) return null;
  var cookies = document.cookie.split(';');
  var result = null;
  for (var i=0; i &lt; cookies.length; i++) {
    var c = cookies[i];
    var keyValue = c.split('=');
    if (-1 &lt; keyValue[0].indexOf(cookieName)) {
      result = unescape(keyValue[1]);
      break;
    }
  }
  info("getCookie(" + cookieName + "): " + result);
  return result;
}

function dbg(str) {
//  return alert(str);
}

function info(str) {
//  return alert(str);
}

Link to comment
Share on other sites

I have been able to get most of the xml but the search xml defied me until now inoreder to get the xml all you have to do is change your user agent to

iTunes/8.0.2 (Windows; U; Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)) DPI/96

in Firefox you can just used User agent switch and go to options and add the above and then right click by the url bar and click customize then add the user agent thing and select the itunes agent.

Yay I found it I found it yay!!!! Did I mention I'm ecstatic yay!!!!!

Enjoy!!

I wonder does anyone else but me care or find this interesting??? Or do you all think I'm off my rocker because of this (or maybe you already thought that :))?

Link to comment
Share on other sites

I have been able to get most of the xml but the search xml defied me until now inoreder to get the xml all you have to do is change your user agent to

in Firefox you can just used User agent switch and go to options and add the above and then right click by the url bar and click customize then add the user agent thing and select the itunes agent.

Yay I found it I found it yay!!!! Did I mention I'm ecstatic yay!!!!!

Enjoy!!

I wonder does anyone else but me care or find this interesting??? Or do you all think I'm off my rocker because of this (or maybe you already thought that :))?

I don't know that you can access it short of impersonating the iTunes app/user agent

Yeah, I had a suspicion it would be something simple like that. Might even be able to manually add a cookie to let you do other things as well, via the whole address bar java script:document.cookie=(whatever) type trick.

Link to comment
Share on other sites

Well I had a linger post but it failed so here is the quick version

itunes.com/[artist] in this case U2

instead of getting the number from what I thought was cookie iTunes gets the number using xml data in order to get the xml you do have to spoof the itunes user agent

so you type in this address

itunes.com/U2

it then receives two 302 errors and address

on the second one it gets

Request URI: /WebObjects/MZStore.woa/wa/browserRedirect?url=itms%253A%252F%252Fsearch.itunes.apple.com%252FWebObjects%252FMZContentLink.woa%252Fwa%252Flink%253Fpath%253Du2

the first time it tries to send a get request in only sends TCP (listed as HTTP protocol) with an ICMP packet sent back saying destination unreachable

so it sends that SAME request again (wireshark lists it as a TCP retransmission)

it then does get the html this page finds wether you have itunes or not and then either sends the needed info for itunes or displays this page

tunes.jpg

if it finds iTunes it then sends a get request for

Request URI: /WebObjects/MZContentLink.woa/wa/link?path=u2&ign-mscache=1

Host: search.itunes.apple.com\r\n

That is XML data (use user agent for itunes) and it gives the info for the next get request (it needs the number) (XML DATA HERE http://download255.mediafire.com/m2laddjmj...itunes.com+xml)

After getting the XML data it request the next page (this page is the xml data itunes uses for display)

Request URI: /WebObjects/MZStore.woa/wa/viewArtist?id=78500&v0=itunes.com%2Fu2

Host: ax.itunes.apple.com\r\n

XML Data http://download270.mediafire.com/lmnddcnjy...j/itunesxmldata

Enjoy!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...