[Leopold]

To make sure we are on the same page and to (hopefully) start a technical discussion I will document what I have discovered so far.

This was mainly discovered using the Network tab in Firefox Web Developer Tools. I used the Edit and Resend option to modify the requests until I found what was actually required. I then used curl/jq/ffplay on the Linux command line to test the requests.

Retrieving and playing the HLS stream

(id=2020 is BT Sport 1)

Code:

ffplay "$(curl 'https://be.avs.bt.com/AVS/besc?action=GetCDN&type=LIVE&id=2020&channel=WEBHLS&asJson=Y' -H 'Cookie: avs_cookie=eyJhbGciOiJIbEszR1...'  | jq -r '.resultObj.src')"

The avs_cookie is generated with the following POST request when logged in and visiting the BT Sport website.

Code:

curl -si -X POST 'https://be.avs.bt.com/AVS/besc?action=LoginBT&channel=WEBHLS' -H 'Content-Type: application/x-www-form-urlencoded' -d 'SAMLResponse=PFJlc3B...ZT4='  | grep 'Set-Cookie: avs_cookie='

  
So the key to it is the SAMLResponse (it’s base64 encoded XML). This will be generated from the main BT login somehow and that is going to be the difficult (impossible?) bit.

Additional (possibly useful) information

AVS in the URLs is Accenture Video Solution.

The main BT login appears to be using Oracle SiteMinder SSO and is done with the following request that creates an SMSESSION cookie.

Code:

curl -si -X POST -d 'TARGET=https%3A%2F%2Fhome.bt.com%2Fsecure%2Floginforward%3Fview%3Dbtsport%26redirectURL%3DHTTPS%253A%252F%252Fsport%252Ebt%252Ecom%252Fss%252FSatellite%252Fbtsportplayer%252Fbt%252Dsport%252D1%252D01363810201090%253Fsite%253Dbtsport&[email protected]&PASSWORD=*****' -H 'Content-Type: application/x-www-form-urlencoded' https://signin1.bt.com/siteminderagent/forms/login.fcc | grep 'Set-Cookie: SMSESSION='

 
Hopefully someone has an idea of where to go from there!