Scenario:
Mobile client -> AP ( WiFi hotspot | OpenWRT or Raspberry Pi ) -> Internet
In the middle, the AP can filter all packets, but I haven't found out how WeChat releases account information.
There is a GET request:
> http://dns.weixin.qq.com/cgi-bin/micromsg-bin/newgetdns?uin=929174300&clientversion=637734961&scene=0&net=1&md5=02d8691b08787fbbb9fd3ba88c887619&devicetype=android-17&lan=zh_CN&sigver
We can get 'uin' from it. It looks like a unique ID, but I'm not very sure. Yet we cannot search for the person based on the 'uin'.
People register for WeChat in 3 major ways.
1) Mobile phone number ( phone number with country code )
2) Same account with QQ number (only numbers)
3) Unique combination, such as 'abc123' ( letters and numbers )
Here's a map of the WeChat ID search assumption: http://imgur.com/Bndzhp1
We can get full control of the router now. Here we want to know what exactly one's WeChat ID is, say, among the 3 major ways.
Or is this assumption wrong?
Some ideas? Many thanks!