Skip to content

Instantly share code, notes, and snippets.

@anadius

anadius/Origin - HTTP download.md

Created August 6, 2019 11:14
Show Gist options
  • Save anadius/f339dc93d530a08071a838dba3fe8c40 to your computer and use it in GitHub Desktop.
Save anadius/f339dc93d530a08071a838dba3fe8c40 to your computer and use it in GitHub Desktop.
Download ZIP
How to force Origin to download games from HTTP servers
Raw
Origin - HTTP download.md

How to force Origin to download games from HTTP servers

Download, install and run Fiddler.

Open Tools > Options....

Options

In Performance tab uncheck Parse WebSocket Messages and set Stream and forget bodies over to 0 MB.

performance

In HTTPS tab check Decrypt HTTPS traffic and install certificates when prompted. From dropdown menu select ...from non-browsers only. Click on Skip decryption (it will now say Perform decryption) and in the field below enter api1.origin.com (if that doesn't work you can always go back to those options and change it to *.origin.com).

https

Accept changes with OK. Click on FiddlerScript tab, and from dropdown menu select OnBeforeRequest. Add following code under the selected line and click on Save Script.

if (oSession.uriContains("/ecommerce2/downloadURL") && oSession.uriContains("&https=true")) { 
    oSession["ui-backcolor"] = "lime";
    oSession.fullUrl = oSession.fullUrl.Replace("&https=true", "&https=false");
}

script

Optional: Open Rules and check Hide CONNECTs.

connect

Restart Fiddler, run Origin and start downloading/updating the game. This is what you should see:

working

That entry with lime background is where Fiddler edited URL. Following entries are proof Origin downloads from HTTP server.

How to uninstall certificates

If you decide you don't want to use it anymore (or Origin adds some better, official solution), open Tools > Options... go to HTTPS tab, uncheck Decrypt HTTPS traffic and from Actions menu select Remove Interception Certificates. And accept when prompted. Now you can uninstall Fiddler.

remove

@lostact
Copy link

lostact commented Feb 25, 2025

Hi, thanks for sharing this, is there a similiar workaround for ea app too?

@anadius
Copy link
Author

anadius commented Feb 25, 2025

I don't think so. Last time I tried to capture EA app traffic - Fiddler didn't show all traffic, and mitmproxy showed a lot of handshake failures. So I think EA app pins some certificates. That means unless EA makes EA app download through HTTP - you won't be able to intercept the download link (unless you modify the EA app yourself). So if you want that for caching - your only option is to ask EA to implement it.

EA app uses GraphQL for their API. I grabbed the necessary request from some earlier version of the app before they improved the security. But Origin API still works, and that's what I use in my "Origin Helper". If you just want to generate a download link - search for "origin helper" anadius and you should be able to find my website.

@lostact
Copy link

lostact commented Feb 25, 2025

Thanks for your reply, will check it out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment