-
Star
(161)
You must be signed in to star a gist -
Fork
(76)
You must be signed in to fork a gist
-
-
Save m-Phoenix852/b47fffb0fd579bc210420cedbda30b61 to your computer and use it in GitHub Desktop.
| let token = "your token"; | |
| function login(token) { | |
| setInterval(() => { | |
| document.body.appendChild(document.createElement `iframe`).contentWindow.localStorage.token = `"${token}"` | |
| }, 50); | |
| setTimeout(() => { | |
| location.reload(); | |
| }, 2500); | |
| } | |
| login(token); |
spekly
commented
Dec 30, 2024
The backticks are missing for ${token}
"Use backticks () for embedding variables or expressions, like ${token}`."
is ur editor like deleting the backticks? try inserting them manually
let token = "your token";
function login(token) {
setInterval(() => {
const iframe = document.createElement("iframe");
document.body.appendChild(iframe);
iframe.contentWindow.localStorage.token = `${token}`;
}, 50);
setTimeout(() => {
location.reload();
}, 2500);
}
let token = "your_token_here"; // Replace with your actual token value
login(token);
they are added now but a new error comes up
Yeah @yum1234 is correct, your back ticks are being deleted, if this is an unavoidable issue, I have a one line version you can use as a bookmark.
@spekly reload, you declared your variable one too many times
sorry i accidentally pasted let token twice
let token = "your_token_here"; // Replace with your actual token value
function login(token) {
setInterval(() => {
const iframe = document.createElement("iframe");
document.body.appendChild(iframe);
iframe.contentWindow.localStorage.token = `${token}`;
}, 50);
setTimeout(() => {
location.reload();
}, 2500);
}
login(token);
Oh that makes sense 😄
it just says this then reloads the page
that means it works! close ur console and u should be logged in
i mean it refreshes the page and the login screen still stays the same, maybe the token is wrong?
Did you get your token from the authorization header? And not from local storage? They are different
how do i get a token from an authorization header?
Have your developer console open, with it switched to the network tab. Log in normally with your credentials. Do anything, and you will see a bunch of network requests pop up. Click on one of them, and switch to the header tab of the network request. Scroll down to authorization. Copy the string (this is your REAL token). (note if you don't see an authorization header please check a different packet. Send a message too and you will see even more network requests)
do i need to be in my account to get this? im trying to get into my old account and all i have is the token, idk if its from local storage or not
@yum1234 actually, i think my token IS from my network tab in console. I've tested using the authorization token to log in with the script and it still doesn't work.
I was in the same boat and to be honest I am not entirely sure. There might be a way to change your token so that its valid. A token is made out of 3 parts. The first part is a user ID. The second part is a timestamp. The third part is a crytographic string representing your username and password. You can very easily get the first and second part. The third part not so much. But if you have the third part, you might be able to manipulate the first and second part.
It seems like discord changed their token structure several times over, and there are many false or i guess old tokens that no longer fit the new system? There isn't much infomation aside from a few advanced programs...
Your old token may contain that third cryptographic part. It is now jsut a matter of modifying it to match the authorization header.
Are you still possibly logged into your old account?
unfortunately no. but the thing is, even if i use a new discord token (for example, i got the auth token on my main discord not long ago) and paste it within the quotation marks on the script you gave it will reload the page but still nothing will happen, and its the same for the other token aswell.
DId you follow a tutorial or video on how to get your token? Do you remember the link to it?
Ok. I have video evidence of this script working 7 days ago on yt for some friends who needed to login by token. This does not work now. wtf?? Can anyone test it on their end? Thanks for alerting it to our attention spekly.
@Techpro709
@spekly
Ok. After some deep testing
I figured it out. It strongly depends on WHEN you got the token.
I will post a more detailed post later
Ok. Each time one logins with either the token or actual account credentials, the current token become invalid!!!
I compared the authorization headers after mutiple logins, and yea, they all changed.
You HAVE TO get the new token. Or else if you log out, you won't have that newly generated token.
It looks like there are some common parts for amongst each token: only the end changes. I am assuming that it may represent the timestamp of the new login, and that if you have an old token, you can simply just change that ending to make it like the new token and therefore valid to login with.
If anyone has the expertise to help that would be greatly appreciated!
what should i change the ending of the old token to?
Ok. I have video evidence of this script working 7 days ago on yt for some friends who needed to login by token. This does not work now. wtf?? Can anyone test it on their end? Thanks for alerting it to our attention spekly.
@Techpro709 @spekly
Sure I can test it rq
Works perfectly fine.
Arc_dsWIoW2hB8.mp4
If you can, try to login again with the same token; I suspect that the token got invalidated on login and discord has generated a new one
sorry for the late reply, i have tested it again with my main and it works, i just needed to get a brand new fresh token after i send a message in console. but i think my old token is a bit too old and wont work.
Here's the thing about tokens, tokens are device specific, so if you have a token it is the session of one of your clients (maybe your web browser or one of your PCs) and since each session has a different token, if that session clicks log out or is force logged out, that token is invalidated. You can log out all tokens by changing your password aswell as adding certain security measures such as 2fa
can anyone help me? I wrote this code and in the console I get this:
Wait!
Sentry.06d44c857138cf37dfaa.js:14 If someone told you, if someone did something and pasted it here, there is an 11/10 chance that you will be scammed.
Sentry.06d44c857138cf37dfaa.js:14 Pasting anything here may give others access to your Discord account.
Sentry.06d44c857138cf37dfaa.js:14 Until you know exactly what's dangerous, close the window and stay safe.
Sentry.06d44c857138cf37dfaa.js:14 If you know what you like, welcome to work for us https://discord.com/jobs