For security testing.

Scenario:

Mobile client -> AP (WiFi hotspot | OpenWRT or Raspberry Pi) -> Internet

In the middle, the AP can filter all packets. But I haven't found out how WeChat releases account information.

There is a GET request:

> http://dns.weixin.qq.com/cgi-bin/micromsg-bin/newgetdns?uin=929174300&clientversion=637734961&scene=0&net=1&md5=02d8691b08787fbbb9fd3ba88c887619&devicetype=android-17&lan=zh_CN&sigver

We can get 'uin' from it. It looks like a unique ID, but I'm not very sure. Yet we cannot search for the person based on the 'uin'.

People register for WeChat in 3 major ways.

1) Mobile phone number (phone number with country code)
2) Same account as the QQ number (only numbers)
3) Unique combination, such as 'abc123' (letters and numbers)

Here's a map of the WeChat ID search assumption: http://imgur.com/Bndzhp1

We can get full control of the router now. Here we want to know what exactly one's WeChat ID is, say, the 3 major ways.

Or is this assumption wrong?

Some ideas? Many thanks!