Derpitron / Discord-OTP-Forcer

Selenium based discord OTP forcer
GNU Affero General Public License v3.0

[Bug]: Session timeout #58

Closed amarzbar closed 1 year ago

amarzbar commented 1 year ago

Description

Hey there, I was checking through the documents and I was wondering if this app will intentionally time out of the session after about 300 seconds. Running it on my machine showed this behaviour multiple times and I was wondering if this was intended behaviour:

Minimal Reproduction

Can be reproduced by simply running the application, to my knowledge.

Error

Output:

```
Program mode:           login
Code mode:              normal
Number of tried codes:  28
Time elapsed for codes: 317.80392265319824
Number of ratelimits    9
Traceback (most recent call last):
  File "/home/marz/Discord-OTP-Forcer/main.py", line 67, in <module>
    userFacing(loadcfg())
  File "/home/marz/Discord-OTP-Forcer/main.py", line 63, in userFacing
    loginBootstrap(driver, cfg)
  File "/home/marz/Discord-OTP-Forcer/src/backend.py", line 99, in loginBootstrap
    loginFields['TOTP'] = driver.find_element(by=By.XPATH, value="//input[@placeholder='6-digit authentication code/8-digit backup code']") #or driver.find_element(by=By.XPATH, value="//*[@aria-label='Enter Discord Auth/Backup Code']")
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marz/Discord-OTP-Forcer/env/lib/python3.11/site-packages/selenium/webdriver/remote/webdriver.py", line 831, in find_element
    return self.execute(Command.FIND_ELEMENT, {"using": by, "value": value})["value"]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/marz/Discord-OTP-Forcer/env/lib/python3.11/site-packages/selenium/webdriver/remote/webdriver.py", line 440, in execute
    self.error_handler.check_response(response)
  File "/home/marz/Discord-OTP-Forcer/env/lib/python3.11/site-packages/selenium/webdriver/remote/errorhandler.py", line 245, in check_response
    raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.InvalidSessionIdException: Message: invalid session id
Stacktrace:
#0 0x55eab2df34e3 <unknown>
#1 0x55eab2b22b00 <unknown>
#2 0x55eab2b52de4 <unknown>
#3 0x55eab2b5434e <unknown>
#4 0x55eab2db33e4 <unknown>
#5 0x55eab2db73d7 <unknown>
#6 0x55eab2dc1b20 <unknown>
#7 0x55eab2db8023 <unknown>
#8 0x55eab2d861aa <unknown>
#9 0x55eab2ddc6b8 <unknown>
#10 0x55eab2ddc847 <unknown>
#11 0x55eab2dec243 <unknown>
#12 0x7ff24ee8f18a <unknown>
```

Operating System Version

Ubuntu 23.04

Python Version

3.11.2

Program Version

Current

Any other information or context?

No response

Derpitron commented 1 year ago

Hello, this is intentional behavior.

Discord uses a ticket-based authentication system for 2FA login entries. This "ticket" expires after around 300 seconds of usage, after which it is invalidated and we have to generate a new ticket by logging in again.
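The ticket lifetime described above, seen from the server side, as an added example that is not part of this thread, the project's code, or Discord's implementation. `MfaTicketStore`, `check_code` and the lockout threshold are hypothetical; only the 300-second lifetime comes from the comment above. It shows why failed codes have to be counted per account: a ticket's expiry is reset by logging in again, so a per-ticket limit alone bounds nothing.

```python
import secrets
import time

TICKET_TTL = 300           # seconds, the lifetime reported in the thread
ACCOUNT_MAX_FAILURES = 10  # assumed lockout threshold, not from the thread


class MfaTicketStore:
    """Hypothetical server-side store for 2FA login tickets."""

    def __init__(self, check_code, clock=time.monotonic):
        self._check_code = check_code   # callable(user_id, code) -> bool
        self._clock = clock
        self._tickets = {}              # ticket -> (user_id, expires_at)
        self._failures = {}             # user_id -> failed codes across all tickets

    def locked(self, user_id):
        return self._failures.get(user_id, 0) >= ACCOUNT_MAX_FAILURES

    def issue(self, user_id):
        """Called after the password step; returns None when the account is locked."""
        if self.locked(user_id):
            return None
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (user_id, self._clock() + TICKET_TTL)
        return ticket

    def verify(self, ticket, code):
        """Return 'ok', 'bad_code', 'expired', 'locked' or 'unknown_ticket'."""
        entry = self._tickets.get(ticket)
        if entry is None:
            return "unknown_ticket"
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._tickets[ticket]   # expired: the client must log in again
            return "expired"
        if self.locked(user_id):
            del self._tickets[ticket]
            return "locked"
        if self._check_code(user_id, code):
            del self._tickets[ticket]   # single use
            self._failures.pop(user_id, None)
            return "ok"
        # Count per account, not per ticket, so a fresh ticket does not reset it.
        self._failures[user_id] = self._failures.get(user_id, 0) + 1
        return "bad_code"
```

In a real service `check_code` would validate the TOTP or backup code with a constant-time comparison, and the failure counter would live in shared storage with an alert when the threshold is reached.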

amarzbar commented 1 year ago

Hey there

Would there be any way to automate this? I get that hCaptcha requires a human on the other side to validate it, but do you think using Computer Vision could be a way of getting rid of the necessity of human intervention?

I say this because the theoretical upper bound of guessing the 2FA code is in the millions (assuming you don't do both recovery code and 2FA code, which would make the set much longer), and using this application is sorta like buying a lottery ticket.

Derpitron commented 1 year ago

  1. This program automatically re-runs the login code upon ticket expiry.
  2. A captcha solver is beyond the scope of this program.