starred/spotify_monitor

Fork 0

mirror of https://github.com/misiektoja/spotify_monitor.git synced 2026-04-25 22:55:52 +03:00

[GH-ISSUE #13] Challenges with Spotify Desktop client mode #10

New issue

Closed

opened 2026-02-27 20:07:40 +03:00 by kerem · 5 comments

kerem commented

2026-02-27 20:07:40 +03:00

Owner

Originally created by @misiektoja on GitHub (Jul 2, 2025).
Original GitHub issue: https://github.com/misiektoja/spotify_monitor/issues/13

Hey @tomballgithub, @WurdahMekanik and @matthewcamilizer, continuing our discussion from #11 about issues with capturing Protobuf payload.

I checked and it indeed looks like Spotify changed something in client versions released after June 2025 - most likely a switch to HTTP/3 and/or certificate pinning.

I'll look into it more closely over the weekend.

Maybe using a different intercepting proxy will help (I believe Proxyman doesn't support HTTP/3 yet, if that's the issue), but for now, you'll likely need to use an older version of the Spotify desktop client to capture the Protobuf payload. I just installed an April 2025 version on macOS and it still works, i.e. I can intercept the traffic. Let me know if it works for you as well.

Originally created by @misiektoja on GitHub (Jul 2, 2025). Original GitHub issue: https://github.com/misiektoja/spotify_monitor/issues/13 Hey @tomballgithub, @WurdahMekanik and @matthewcamilizer, continuing our discussion from #11 about issues with capturing Protobuf payload. I checked and it indeed looks like Spotify changed something in client versions released after June 2025 - most likely a switch to HTTP/3 and/or certificate pinning. I'll look into it more closely over the weekend. Maybe using a different intercepting proxy will help (I believe Proxyman doesn't support HTTP/3 yet, if that's the issue), but for now, you'll likely need to use an older version of the Spotify desktop client to capture the Protobuf payload. I just installed an April 2025 version on macOS and it still works, i.e. I can intercept the traffic. Let me know if it works for you as well.

kerem closed this issue

2026-02-27 20:07:40 +03:00

kerem commented

2026-02-27 20:07:40 +03:00

Author

Owner

@tomballgithub commented on GitHub (Jul 2, 2025):

I still couldn't get this to work with the April version 1.2.61.443 on Windows using Proxyman.
I had no issue in earlier June when I tried this

@tomballgithub commented on GitHub (Jul 2, 2025): I still couldn't get this to work with the April version 1.2.61.443 on Windows using Proxyman. I had no issue in earlier June when I tried this

kerem commented

2026-02-27 20:07:40 +03:00

Author

Owner

@tomballgithub commented on GitHub (Jul 2, 2025):

Actually, I did get it to work after giving up. The only thing I did differently was after closing the client, I let everything sit for 1+ minutes before relaunching the Windows client. It immediately gave me the login5.spotify.com capture. I now have my 2nd account saved off for CLIENT usage if needed

@tomballgithub commented on GitHub (Jul 2, 2025): Actually, I did get it to work after giving up. The only thing I did differently was after closing the client, I let everything sit for 1+ minutes before relaunching the Windows client. It immediately gave me the login5.spotify.com capture. I now have my 2nd account saved off for CLIENT usage if needed

kerem commented

2026-02-27 20:07:40 +03:00

Author

Owner

@tomballgithub commented on GitHub (Jul 2, 2025):

For what it's worth, one time with the latest client, I was able to capture this, but then I couldn't subsequently. Again, this is Windows.

The user agent below indicates version 1.2.66.447, which is the current Windows version

@tomballgithub commented on GitHub (Jul 2, 2025): For what it's worth, one time with the latest client, I was able to capture this, but then I couldn't subsequently. Again, this is Windows. ![Image](https://github.com/user-attachments/assets/66841b4e-d300-4d60-ad48-46f97c3a8f10) The user agent below indicates version 1.2.66.447, which is the current Windows version ![Image](https://github.com/user-attachments/assets/ff5681f5-f933-43c5-82cc-ff09230b01a4)

kerem commented

2026-02-27 20:07:40 +03:00

Author

Owner

@misiektoja commented on GitHub (Jul 2, 2025):

I did some more tests today and it's true that the Spotify app behaves erratically. Sometimes you can capture the login5 packets (even with the newest client version), sometimes not. It's clearly related to Spotify randomly using HTTP/3, which uses QUIC over UDP 443.

But I found out there are some nice workarounds. The best one is to simply point Spotify at Proxyman directly in its settings; as QUIC needs raw UDP and can't traverse an HTTP CONNECT tunnel, the app now downgrades to TCP-based HTTP/2 or 1.1, which Proxyman can decrypt. To do that:

Start Proxyman and note the listening IP and port at the top bar
In Spotify → Settings → Proxy Settings, set:
- proxy type: HTTP
- host: 127.0.0.1 (or any other IP you see at the top bar of Proxyman)
- port: 9090 (or any other port you see at the top bar of Proxyman)
- restart the app
Grab your Protobuf treasures and disable proxying

Another approach is to block UDP port 443 for all Spotify processes at the OS level with a firewall of your choice. This forces the Spotify app to use plain TLS/TCP (instead of HTTP/3), letting intercepting proxy perform MITM.

Let me know if you now get consistent results as I do!

I updated the README.md accordingly too and added some additional clarifications to make it easier to set up.

I suggest grabbing your Protobufs while you still can. Not sure what Spotify is going to whip up in the next few weeks or months, but the refresh token from it seems to give an infinite token ... at least for now.

@misiektoja commented on GitHub (Jul 2, 2025): I did some more tests today and it's true that the Spotify app behaves erratically. Sometimes you can capture the `login5` packets (even with the newest client version), sometimes not. It's clearly related to Spotify randomly using HTTP/3, which uses QUIC over UDP 443. But I found out there are some nice workarounds. The best one is to simply point Spotify at Proxyman directly in its settings; as QUIC needs raw UDP and can't traverse an HTTP CONNECT tunnel, the app now downgrades to TCP-based HTTP/2 or 1.1, which Proxyman can decrypt. To do that: - Start Proxyman and note the listening IP and port at the top bar - In Spotify → Settings → Proxy Settings, set: - proxy type: `HTTP` - host: `127.0.0.1` (or any other IP you see at the top bar of Proxyman) - port: `9090` (or any other port you see at the top bar of Proxyman) - restart the app - Grab your Protobuf treasures and disable proxying Another approach is to block UDP port 443 for all Spotify processes at the OS level with a firewall of your choice. This forces the Spotify app to use plain TLS/TCP (instead of HTTP/3), letting intercepting proxy perform MITM. Let me know if you now get consistent results as I do! I updated the README.md accordingly too and added some additional clarifications to make it easier to set up. I suggest grabbing your Protobufs while you still can. Not sure what Spotify is going to whip up in the next few weeks or months, but the refresh token from it seems to give an infinite token ... at least for now.

kerem commented

2026-02-27 20:07:41 +03:00

Author

Owner

@tomballgithub commented on GitHub (Jul 10, 2025):

I suggest closing this. You updated the main documentation with all of the details, and if someone has an issue with any of it, or something changes again, they can open a new one.

@tomballgithub commented on GitHub (Jul 10, 2025): I suggest closing this. You updated the main documentation with all of the details, and if someone has an issue with any of it, or something changes again, they can open a new one.

No labels

Stale

bug

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/spotify_monitor#10

No description provided.

Rows
Columns