Security on Binary Yogahttps://yogirk.dev/tags/security/Recent content in Security on Binary YogaHugoen-usMon, 09 Mar 2026 00:00:00 +0000Poking around a streaming platform's unsecured APIhttps://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/Mon, 09 Mar 2026 00:00:00 +0000https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/<h2 id="the-problem">The Problem</h2> <p><a href="https://www.etvwin.com/">ETVWin</a> is a Telugu streaming platform. Growing up in the 90s, ETV was the only source of entertainment for many Telugu households. It was a cultural phenomenon. So I thought, they have a huge library of nostalgia inducing content. But there is one problem - their site search sucks!</p> <figure class="figure "> <div class="figure-image-wrapper" style="background-image: url('/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_cf22264b8c5de0a3.png'); aspect-ratio: 2340 / 922;"> <picture> <source srcset="https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_859c6a7ae33af6c.webp 640w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_29b86e9a974d7b83.webp 960w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_b53d043af5485847.webp 1280w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_f7e1ce165bdb426b.webp 1920w" sizes="(min-width: 1024px) 75ch, 100vw" type="image/webp"> <source srcset="https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_73f7ed084007b8ba.png 640w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_ee55f155df73c4ff.png 960w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_b07fca2cdeffaf19.png 1280w, https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_4787a9dae3e36c97.png 1920w" sizes="(min-width: 1024px) 75ch, 100vw" type="image/png"> <img class="figure-image" src="https://yogirk.dev/posts/poking-around-a-streaming-platforms-unsecured-api/image_hu_b07fca2cdeffaf19.png" alt="ETVWin search results showing poor search experience" width="2340" height="922" loading="lazy" onload="this.parentElement.parentElement.classList.add('is-loaded')"> </picture> </div> </figure> <p>Armed with Claude Code, I decided to poke around a bit and see if there is a way to find what I was looking for. I trusted them to have designed a bad system and I was sure I could find a way around it. With a bit of poking around, I ended up downloading their entire catalog and building a local search engine for it.</p>