Skip to content

Instantly share code, notes, and snippets.

@funnbot
Last active September 12, 2020 04:00
Show Gist options
  • Save funnbot/c72fdc13b3e0c14720317e6b6b190544 to your computer and use it in GitHub Desktop.
Save funnbot/c72fdc13b3e0c14720317e6b6b190544 to your computer and use it in GitHub Desktop.
Probably not working anymore.
(function implantEval(window, d) {
const localStorage = d.body.appendChild(d.createElement("iframe")).contentWindow.localStorage;
const regex = new RegExp(JSON.parse(localStorage.token).split(".").join("|"), "g");
window.addEventListener("keydown", handleDown);
console.log("Evaler Loaded")
function handleDown(event) {
if (!event.getModifierState("Alt")) return;
if (event.keyCode !== 13) return;
const textArea = document.querySelector("textarea");
if (!textArea || !textArea.value) return;
sendMessage(resolveChannelID(), processEval(textArea.value));
textArea.value = "";
return;
}
function processEval(code) {
try {
var evaled = eval(code);
} catch (e) {
var evaled = e;
}
if (!evaled) return evaled + "";
return (evaled + "").replace(regex, "[SECRET]");
}
function sendMessage(channelID, content) {
var url = `https://discordapp.com/api/v7/channels/${channelID}/messages`;
var opts = {
method: "POST",
headers: {
Authorization: JSON.parse(localStorage.token),
"Content-Type": "application/json"
},
body: JSON.stringify({ content }),
}
return fetch(url, opts).catch(console.error);
}
function resolveChannelID() {
const path = window.location.pathname;
return path.slice(path.lastIndexOf("/") + 1, path.length);
}
}(window, document));
@funnbot
Copy link
Author

funnbot commented Sep 3, 2017

lmfao

@12458
Copy link

12458 commented Jun 3, 2018

I see what you did there

@NotMoni
Copy link

NotMoni commented May 30, 2020

This gets your token and pastes it in a message. Don't do this people

@funnbot
Copy link
Author

funnbot commented May 30, 2020

Not sure why you think that, although this worked two years ago it may be broken now. But the intention is to replace any occurrence of your token so that when you mess up evaling some command, it isn’t leaked.
Just confirmed this doesn't actually work anymore, so I'm not sure where you got the idea that it was stealing your token heh...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment