Skip to main content

Quickstart Guide

This guide will help you start intercepting and deobfuscating bet365.com’s JavaScript in minutes.
Make sure you’ve completed the Installation steps before proceeding.

Overview

The workflow consists of three main steps:
  1. Start mitmproxy to intercept traffic
  2. Launch a browser configured to use the proxy
  3. Navigate to bet365.com and view deobfuscated output

Step 1: Start mitmproxy

Start the mitmproxy server with the custom Python addon: 
./mitmproxy.sh
This script runs: 
mitmproxy -s mitmproxy/src/python/main/download-payload.py
The download-payload.py addon:
  • Filters requests to the /Api/1/Blob endpoint
  • Detects obfuscated JavaScript by looking for the pattern (function(){ var _0x123a=
  • Saves received obfuscated code to the output/ directory
  • Runs refactor-obfuscated-code-jscodeshift.js to deobfuscate the code
  • Replaces the obfuscated response with deobfuscated code
  • Wraps the output with pre-transform and post-transform code
mitmproxy will start listening on http://localhost:8080 by default. Keep this terminal window open while intercepting traffic.

Step 2: Launch Browser with Proxy

You need to launch a browser configured to route traffic through mitmproxy.
Use a Separate Chrome ProfileThe recommendation is to create a new Chrome profile specifically for mitmproxy request/response interception. The obfuscated-code-logger.js might add significant noise to console debugging logs in the future.
open -a "Google Chrome" --args \
  --proxy-server=http://localhost:8080 \
  --enable-logging \
  --v=1 \
  --user-data-dir=$(pwd)/chrome-profile
This command:
  • Opens Chrome with a custom profile in ./chrome-profile
  • Routes all traffic through mitmproxy on port 8080
  • Enables verbose logging (useful for debugging)

Browser Flags Explained

FlagPurpose
--proxy-server=http://localhost:8080Routes all traffic through mitmproxy
--enable-loggingEnables Chrome’s debug logging
--v=1Sets verbose logging level
--user-data-dir=$(pwd)/chrome-profileUses separate Chrome profile to avoid conflicts

Step 3: Accept mitmproxy Certificate

On first launch, you need to install mitmproxy’s SSL certificate:
1

Navigate to mitm.it

In the proxy-configured browser, go to http://mitm.it
2

Download Certificate

Click on your operating system (macOS, Linux, Windows) to download the certificate
3

Install Certificate

Follow the platform-specific instructions to trust the mitmproxy certificate authority
Without installing the certificate, you’ll see SSL certificate errors when visiting HTTPS sites.

Step 4: Visit bet365.com

Navigate to https://bet365.com in your proxy-configured browser. As the page loads:
  • mitmproxy intercepts requests to /Api/1/Blob
  • Obfuscated JavaScript is detected and saved
  • The deobfuscation process runs automatically
  • Deobfuscated code replaces the obfuscated version
  • Your browser receives and executes the deobfuscated code

Step 5: View Output Files

All intercepted files are saved in the output/ directory: 
ls -lh output/
You’ll see files with naming pattern: 
<timestamp>-<type>-<index>.<extension>
File types:
  • *-received-*.js - Original obfuscated JavaScript from bet365
  • *-deobfuscated-*.js - Deobfuscated output (intermediate step)
  • *-sent-*.js - Final code sent to browser (includes pre/post transforms)
1772775620.073918-received-24.js    # Obfuscated original
1772775620.073918-deobfuscated-24.js # After transformations
1772775620.073918-sent-24.js        # Final beautified code

Viewing Console Output

If you started Chrome with --enable-logging --v=1, console output is logged to a file: 
tail -f chrome-profile/chrome_debug.log
To filter only JSON output from the deobfuscated code: 
tail -f chrome-profile/chrome_debug.log | \
  sed -En "s/.*inside.*\\]: (.*)\", source:  \(3\)/\1/p"

Development Workflow

For active development on the deobfuscation transformations, use this workflow:
1

Place obfuscated code

Put obfuscated JavaScript in:
mitmproxy/src/javascript/obfuscated-original.js
2

Watch for changes

Use watchexec to automatically recompile on changes:
watchexec -e js "touch mitmproxy/src/python/download-payload.py && \
  node mitmproxy/src/javascript/refactor-obfuscated-code-jscodeshift.js \
  mitmproxy/src/javascript/obfuscated-original.js \
  mitmproxy/src/javascript/deobfuscated-output.js && \
  node mitmproxy/src/javascript/pre-transform-code.js"
3

Edit transformations

Modify any refactor-obfuscated-code-jscodeshift-*.js file and see results automatically
This watches all *.js files (except obfuscated-original.js and deobfuscated.js) and recompiles the deobfuscation transform on changes.

Useful Tools

AST Explorer

Essential for manipulating JavaScript AST. Visualize and test transformations interactively.

Unminify

Formats comma operators well, which are heavily used in bet365’s obfuscated code.

Clear Cache Extension

Useful Chrome extension for clearing cache from toolbar or with keyboard shortcuts.

Understanding the Deobfuscation Process

The deobfuscation applies 11 transformation passes (numbered 0-10):
1

Parse obfuscated code

refactor-obfuscated-code-jscodeshift.js reads the obfuscated file
2

Apply transformations

Each transformation file (0.js through 10.js) modifies the AST:
  • Simplifying expressions
  • Inlining variables
  • Resolving array access
  • Removing dead code
3

Generate code

Uses escodegen to generate readable JavaScript from the transformed AST
4

Wrap with pre/post transforms

Adds setup code (pre-transform) and cleanup code (post-transform)
5

Beautify output

Uses jsbeautifier to format the final code

Troubleshooting

  • Verify mitmproxy is running: check the terminal for “Proxy server listening”
  • Confirm browser is using proxy: visit http://mitm.it - if it loads, proxy is working
  • Check firewall settings: ensure localhost:8080 is allowed
  • Install mitmproxy certificate from http://mitm.it
  • On macOS: Add to Keychain and set to “Always Trust”
  • On Linux: Add to system certificate store
  • Restart browser after installing certificate
  • Check that you’re visiting bet365.com (not a different domain)
  • Verify the filter in download-payload.py matches the endpoint
  • Look for errors in the mitmproxy terminal
  • Ensure the output/ directory exists and is writable
bet365 frequently rotates their obfuscated code. The current transformations may not work with the latest version.
  • Check the obfuscated/ directory for similar historical versions
  • The CI/CD pipeline tracks when bet365 updates their code
  • You may need to adjust transformation rules for new obfuscation patterns
If you see “Profile in use” errors:
rm -rf chrome-profile/SingletonLock
Or use a different profile directory:
--user-data-dir=$(pwd)/chrome-profile-2

Next Steps

Now that you have the basics working, explore:

Deobfuscation Process

Learn how the deobfuscation pipeline works in detail

Transform Scripts

Understand each AST transformation step

AST Manipulation

Study the AST manipulation techniques

Development Workflow

Learn the complete development workflow

Build docs developers (and LLMs) love

Get started for freeTalk to us