Merubokkusu / Discord-S.C.U.M

A Discord API Wrapper for Userbots/Selfbots written in Python.
MIT License
589 stars 166 forks source link

Risky actions #66

Open Merubokkusu opened 3 years ago

Merubokkusu commented 3 years ago

Here's a compiled list of all the risky functions and actions that have been found along with their relevant issues. We will be updating this list as more risky actions come to our attention. Doing the following have a high change of phone-locking/disabling your account:

And, of course, for most endpoints, abusing the REST api (not waiting adequately between requests) can get your account phone-locked/disabled. Ideally, try not to get rate limited in the first place.

edit: https://github.com/Merubokkusu/Discord-S.C.U.M/commit/b5a92caa630887fa2549069e3e89939690db43b0 updates the headers and cookies - was able to join a guild and dm a user right after from 2 accounts (1 new and another 1-week-aged). Try reinstalling and seeing how it goes. Note: don't set suspicious user agents. If you set a good user agent, discum should join (non massive guilds), dm, etc smoothly.

fucksophie commented 3 years ago

bot.joinGuild 100% disables your account. I have tried it on multiple tokens.


arandomnewaccount: fixed a few functions (most notably, bot.createDM, bot.requestFriend, and bot.joinGuild). I tested them on my alts and did not get phone locked. However, spamming these functions can still lock your account. Make sure you use good proxies and don't spam the functions.

viown commented 3 years ago

I cloned discum and used it directly and bot.joinGuild still locks my account at first try.


arandomnewaccount: darn ok - well thanks for testing it. I tried it the day before yesterday and was able to join a guild using bot.joinGuild without getting phone locked. Guess I'll go back to testing lol.

ApollyonZero commented 3 years ago

something I noticed about discord is that joining a server when the account is too new will get you phonelocked even if you use the discord client, you might want to factor that in when using bot.joinGuild


arandomnewaccount: oh ok that's interesting. Maybe registering an account thru the join-guild page might have slightly different results? Also, ig it's helpful then to note that bot.joinGuild worked for me recently on a 3 week old account.

sinuoy commented 3 years ago

In my experience, guildJoin (also guild creation) action(s) only disable the account when the Token was also generated by the bot. If I manually register an account, and join a guild programmatically, then it doesn't disable that account.

cateee69 commented 2 years ago

bot.createDM 100% phone locks your token

el-bekasto commented 2 years ago

How to "adequately wait" between createDM requests? In REST API I tried 10 seconds and random between 5 and 10 seconds, in both cases I get banned after second created DM

cateee69 commented 2 years ago

for me i got locked after 1dm

el-bekasto commented 2 years ago

for me i got locked after 1dm

Have you tried various delays? Did you find something suitable?

ghost commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

el-bekasto commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

ghost commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
"headers": {
"referer":"https://discord.com/channels/@me/916406548220248124"
"host":"discord.com",
"origin": "https://discord.com",
"accept": "*/*",
"accept-language": "en-GB",
"authorization": "*censored*",
"content-type": "application/json",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-debug-options": "bugReporterEnabled",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
"x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
"x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
"cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
},
"body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
"method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

cateee69 commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

el-bekasto commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

Thank you!

el-bekasto commented 2 years ago

Btw how can I set the cookie?

el-bekasto commented 2 years ago

I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words

ghost commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

ghost commented 2 years ago

I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words

Here is how you can get these values, code is ass but it works.

The You can use the same X-Superproperties header as me, its just a base64 encoded json containing data from the user agent mostly

import requests

def cloudflare_cookies():
    r = requests.get("https://discord.com")
    z = r.cookies.get_dict()
    cookies = ""
    for c in z:
        cookies = cookies + c + "=" + r.cookies[c] + "; " # ugly af but idk shit about python formatting
    print(cookies + "locale=us") #just return this value

def get_fingerprint():
    r = requests.get("https://discord.com/api/v9/experiments")
    print(r.json().get('fingerprint')) #just return this value

cloudflare_cookies()
get_fingerprint()
el-bekasto commented 2 years ago

I used all headers you gave including cookies and fingerprint, and when I try to join to server or create dm, it just throws 403 Forbidden.

el-bekasto commented 2 years ago

And seems like your function for getting cookie doesn't work, it returns empty cookie.


arandomnewaccount: running some tests on an updated version of discum (hasn't been pushed yet) and I can join guilds without getting locked. Updated some headers (ua hints, x-fingerprint) and cookies (the request for the build num will also return the cookies, so 2 tasks in 1).

haven't added captcha support, that'll come in later

you can try out the development branch: https://github.com/Merubokkusu/Discord-S.C.U.M/tree/development will be running some more tests tmr

edit: pushed the changes the master branch. Let me know if you run into issues.

hoemotion commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

You shouldn‘t use always the same fingerprint and the same cookies.. send their api/v9/experiments a request and obtain the needed stuff for every request


arandomnewaccount: latest version of discum should work (installed thru github). It sets the x-fingerprint thru experiments and sets the cookies thru discord.com/login. As long as you don't set a suspicious user agent it should be fine. https://github.com/Merubokkusu/Discord-S.C.U.M/commit/b5a92caa630887fa2549069e3e89939690db43b0 was the fix

elenakrittik commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

"x-super-properties" is a base64 encoded json string:

{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}

*im used base64decode.org to decode it

hoemotion commented 2 years ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

"x-super-properties" is a base64 encoded json string:

{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}

*im used base64decode.org to decode it

You can easily use the built-in base64 module in python for encoding decoding base64 stuff

ChocoTonic commented 1 year ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message?

and how do we build up the information we need to make the message to a specific user id?

neu-ma-tic commented 1 year ago

tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm

can you please share example of headers, cloudfare cookies etc?

fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
  "headers": {
    "referer":"https://discord.com/channels/@me/916406548220248124"
    "host":"discord.com",
    "origin": "https://discord.com",
    "accept": "*/*",
    "accept-language": "en-GB",
    "authorization": "*censored*",
    "content-type": "application/json",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "x-debug-options": "bugReporterEnabled",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
    "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", 
    "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
    "cookie":  __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
  },
  "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
  "method": "POST",
});

If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made

that's to send a message in a dm to someone you already dmed not to create a dm

Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.

I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message?

and how do we build up the information we need to make the message to a specific user id?

POST /users/@me/channels. use devtools