Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Risky actions #66

Open
Merubokkusu opened this issue May 5, 2021 · 24 comments
Open

Risky actions #66

Merubokkusu opened this issue May 5, 2021 · 24 comments

Comments

@Merubokkusu
Copy link
Owner

Merubokkusu commented May 5, 2021

Here's a compiled list of all the risky functions and actions that have been found along with their relevant issues. We will be updating this list as more risky actions come to our attention. Doing the following have a high change of phone-locking/disabling your account:

And, of course, for most endpoints, abusing the REST api (not waiting adequately between requests) can get your account phone-locked/disabled. Ideally, try not to get rate limited in the first place.

edit: b5a92ca updates the headers and cookies - was able to join a guild and dm a user right after from 2 accounts (1 new and another 1-week-aged). Try reinstalling and seeing how it goes.
Note: don't set suspicious user agents. If you set a good user agent, discum should join (non massive guilds), dm, etc smoothly.

@Merubokkusu Merubokkusu pinned this issue May 5, 2021
@fucksophie
Copy link

fucksophie commented May 29, 2021

bot.joinGuild 100% disables your account. I have tried it on multiple tokens.


arandomnewaccount:
fixed a few functions (most notably, bot.createDM, bot.requestFriend, and bot.joinGuild). I tested them on my alts and did not get phone locked. However, spamming these functions can still lock your account. Make sure you use good proxies and don't spam the functions.

@viown
Copy link

viown commented May 31, 2021

I cloned discum and used it directly and bot.joinGuild still locks my account at first try.


arandomnewaccount:
darn ok - well thanks for testing it. I tried it the day before yesterday and was able to join a guild using bot.joinGuild without getting phone locked. Guess I'll go back to testing lol.

@ApollyonZero
Copy link

ApollyonZero commented Jun 19, 2021

something I noticed about discord is that joining a server when the account is too new will get you phonelocked even if you use the discord client, you might want to factor that in when using bot.joinGuild


arandomnewaccount:
oh ok that's interesting. Maybe registering an account thru the join-guild page might have slightly different results?
Also, ig it's helpful then to note that bot.joinGuild worked for me recently on a 3 week old account.

@sinuoy
Copy link

sinuoy commented Jun 27, 2021

In my experience, guildJoin (also guild creation) action(s) only disable the account when the Token was also generated by the bot. If I manually register an account, and join a guild programmatically, then it doesn't disable that account.

@cateee69
Copy link

cateee69 commented Nov 19, 2021

bot.createDM 100% phone locks your token

@el-bekasto
Copy link

How to "adequately wait" between createDM requests? In REST API I tried 10 seconds and random between 5 and 10 seconds, in both cases I get banned after second created DM

@cateee69
Copy link

cateee69 commented Dec 3, 2021

for me i got locked after 1dm

@el-bekasto
Copy link

for me i got locked after 1dm

Have you tried various delays? Did you find something suitable?

@ghost
Copy link

ghost commented Dec 3, 2021

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

@el-bekasto
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

@ghost
Copy link

ghost commented Dec 3, 2021

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

@cateee69
Copy link

cateee69 commented Dec 3, 2021

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

@el-bekasto
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

Thank you!

@el-bekasto
Copy link

Btw how can I set the cookie?

@el-bekasto
Copy link

el-bekasto commented Dec 4, 2021

I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words

@ghost
Copy link

ghost commented Dec 4, 2021

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

@ghost
Copy link

ghost commented Dec 4, 2021

I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words

Here is how you can get these values, code is ass but it works.

The You can use the same X-Superproperties header as me, its just a base64 encoded json containing data from the user agent mostly

import requests

def cloudflare_cookies():
    r = requests.get("https://discord.com")
    z = r.cookies.get_dict()
    cookies = ""
    for c in z:
        cookies = cookies + c + "=" + r.cookies[c] + "; " # ugly af but idk shit about python formatting
    print(cookies + "locale=us") #just return this value
    
def get_fingerprint():
    r = requests.get("https://discord.com/api/v9/experiments")
    print(r.json().get('fingerprint')) #just return this value
    
cloudflare_cookies()
get_fingerprint()

@el-bekasto
Copy link

el-bekasto commented Dec 5, 2021

I used all headers you gave including cookies and fingerprint, and when I try to join to server or create dm, it just throws 403 Forbidden.

@el-bekasto
Copy link

el-bekasto commented Dec 5, 2021

And seems like your function for getting cookie doesn't work, it returns empty cookie.


arandomnewaccount:
running some tests on an updated version of discum (hasn't been pushed yet) and I can join guilds without getting locked. Updated some headers (ua hints, x-fingerprint) and cookies (the request for the build num will also return the cookies, so 2 tasks in 1).

haven't added captcha support, that'll come in later

you can try out the development branch: https://github.com/Merubokkusu/Discord-S.C.U.M/tree/development
will be running some more tests tmr

edit: pushed the changes the master branch. Let me know if you run into issues.

@hoemotion
Copy link

hoemotion commented Dec 14, 2021

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

You shouldn‘t use always the same fingerprint and the same cookies.. send their api/v9/experiments a request and obtain the needed stuff for every request


arandomnewaccount:
latest version of discum should work (installed thru github). It sets the x-fingerprint thru experiments and sets the cookies thru discord.com/login. As long as you don't set a suspicious user agent it should be fine. b5a92ca was the fix

@elenakrittik
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

"x-super-properties" is a base64 encoded json string:

{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}

*im used base64decode.org to decode it

@hoemotion
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

"x-super-properties" is a base64 encoded json string:

{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}

*im used base64decode.org to decode it

You can easily use the built-in base64 module in python for encoding decoding base64 stuff

@ChocoTonic
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message?

and how do we build up the information we need to make the message to a specific user id?

@neu-ma-tic
Copy link

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message?

and how do we build up the information we need to make the message to a specific user id?

POST /users/@me/channels. use devtools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

12 participants