Scenario
Suppose a mobile page is restricted by the developer so that it can only be opened in the WeChat client. As we all know, it is very unfavorable to debug the page on the mobile phone, so it needs to be able to open and debug it on the computer. Here is an analysis of three common pages, bypassing their restrictions one by one, (of course, don't use them to do bad things)
tool preparation
1. A browser that is easy to debug. Personally like Chrome, this article is based on Chrome 43.0.2357.130 (official version) m (32-bit) environment;
2. Packet capture tool, fiddler4 is recommended, of course, if you prefer Wireshark, you can, anyway, as long as you can capture cookies;
3. Browser plug-ins that can edit cookies. I recommend EditThisCookie under Chrome, and if you are Firefox, you can try the editing function that comes with Firebug.
Bypassing methods
Here, three common restriction methods are classified (but I feel that there should be no fourth category), and the difficulty of bypassing methods is gradually increasing. The following sections will analyze one by one from the perspectives of confirming the restriction method and bypassing the restriction.
No obvious restrictions
. Example: Roll over, Little Locke has the most pages, which is basically the same as doing nothing.
Inspection method
Other browsers in the mobile phone can also open the page and browse the page normally. To debug the page on the PC, you only need to open the Chrome emulator.
Bypass method
1. Ctrl+Shift+I to open the developer center of chrome
2. Click the small mobile phone icon in the upper right corner of the toolbar of the developer center, as shown in the figure:
3. If you find that the touch screen cannot be simulated, it is because the settings are not turned on. Click the small arrow icon in the upper right corner of the developer center toolbar, then Emulation>Sensors>Emulate touch screen, and tick the option. As shown in the picture: 
easy to pass.
Check UA to limit
Example: Multi-bubble game-doNotTouchWhite Because this site game requires login, so put a public account for testing, do not abuse.
user:duopaotestdada
pwd:duopaotest
detection method
After the mobile browser is opened, it will jump to the other pages of the developer, or there will be a pop-up prompt, but it will not jump to the open.weixin.qq.com domain name.
Looking at this, you can be sure that nine out of ten are based on UA (UserAgent) detection. So the cracking method is very simple, just simulate UA. Chrome has this feature built in.
Bypass method
1. Open the browser simulator (see above)
2. Paste the following UA in the UA in the upper right corner of the simulator and re-enter the original page (do not refresh directly because some pages will jump according to the UA) )
Mozilla/5.0 (Linux; U; Android 4.1.2; zh-cn; Chitanda/Akari) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 MicroMessenger/6.0.0.58_r884092.501 NetType/WIFI 
or above It is the UA of Android mobile phone WeChat, and another UA under iOS is attached:
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 MicroMessenger/5.4.1 NetType/WIFI
In general, these two have the same use, there is no difference , In fact, according to the habits of most front-ends, even if only one MicroMessenger field is filled in the UA, it can be bypassed.
3. Although the above method can bypass the restriction, it is inconvenient after all, and you have to manually change the UA every time. In fact, the newer version of the Chrome browser can customize the Device. Click the gear icon in the upper right corner of the developer center, then Devices>Add custom device, you can add a simulator with WeChat UA by yourself, and then switch it in the Device of the simulator interface. As shown in the figure: 
Using WeChat oauth as a restriction
example: Rescue Taiping Wheel because the game link above has expired, so change the page, the type is the same, and it can be used for testing: the above two kinds of lucky wheel are relatively common and can be easily bypassed Restrictions, and some pages with high user authentication requirements will use WeChat's OAUTH to pull openid for verification, which is not just easy to bypass by changing UA. Fortunately, it is not incomprehensible. Because authentication is generally stored in cookies, we can directly forge cookies for the PC simulator to make the page mistakenly believe that we are verifying in WeChat.
PS: This is a general method, but currently for the pages in WeChat, WeChat officially provides debugging support, and you can view the updated content.
Detection method
After the mobile phone browser is opened, it will jump to the domain name open.weixin.qq.com, and the page prompts to open the link in the WeChat client. Figure: 
bypass method
Change the browser UA to WeChat, then refresh the page, you will find that at this time, you will no longer be prompted to open the link in the WeChat client, but the entire page is blank.
Open fiddler, and set up the mobile phone wifi connection to ensure that the mobile phone data has passed through fiddler.
The configuration of fiddler can refer to this article. The two configurations of https must be done, otherwise the WeChat package cannot be captured. In addition, if it is determined that the mobile phone is connected to fiddler but the WeChat data packet has not been captured, you can first install the WeChat app. Forcibly close it, and then reopen it
. Click the page link in WeChat to enter the page normally, and then pay attention to the record of the relevant domain name on fiddler, and find the record behind Tunnel to open.weixin.qq.com. You will find that the original link has the oauth parameter at this time. Copy the link at this time as shown:
http://www.myhack58.com/Article/html/3/92/2015/67843.htm