Downloading private videos from Zoom
Sometimes you just want to download a video you have access so you can keep it to watch later at your own leisure, or offline. However, if the content is locked you will not be able to do it. On this post lets have a look at how we can download a video from zoom even thought its restricted from downloading.
Method 1 (UI)
Go to the zoom link where you can watch the video.
On the page the video shows up Right-mouse click is disable so we need to enable it first
Press F12 and go to Event Listeners > Context Menu and delete the lock there.
Next you want to find the url for the video, the quickest way to do it is by pressing Ctrl + Shift + C which will turn dynamic select element on, and click on the video this will take you directly to the video url, you need to copy the url
Next you need to go to the top of the page where the body tag is located and edit as HTML
Now create a new H1 tag, and a tag with the href properties you have copied
This will create a link on the client side view of the page, which will only show to you
After the video becomes visible you can go ahead and Right-click on mouse and Save As and the video file will appear to be downloaded
Explanation
Because we are calling the request directly from the same original zoom url, the server still thinks this is the original request coming from the client to render the video
If you try copying the same a href link into another tab or website, the request will become invalid, this is likely due to security on CORS, which will prevent websites not on the allowed list to perform requests.
Because the request is coming from the original zoom link, it already has all the tokens cached so its bypassed that way
Method 2 (API)
There is also another method which we can explore and try to download the video using the official Zoom API Calls
If we go back to the video url we extract from the page again, lets examine the url a bit...
Lets bring the url to Powershell and simply replace '=' with a NewLine and add the = again
$url = ""https://ssrweb.zoom.us/replay02/2024..." #url capture here
$url.replace("=","`n=") #This will replace the = with a NewLine and add the = again
This will allow us to have a better idea of the elements that are inside the url. Looking close we can see there is a JW Token on the url which we can try to decode it
Let's copy only the token part and bring it to JWT.IO Token Decoder to see what kind information we can extract from it
We can see some information about the token itself like, where its re-directing the user, maxAge,expiryDate Epoch, but nothing else too sensitive
Digging into the Zoom API documentation, I found the part where it explains how to retrieve a video using the API, however looks like the token we have retrieve did not have the necessary permissions to download the content using it
Unfortunatelly this was the end of our exploration trying to download the zoom video using the API Calls, we cannot verify which access our token has but looks like it does not have the recording:reading and recording:writing to be able to download the video. But the simpler method from Client Side still works like magic :)