malpraku / EvilToken

Used to brute-force, or guess, other people's Discord login access tokens. Made for a certain reason, of course :).

[Bug] Invalid Timestamp #1

Open SamuelScheit opened 3 years ago

SamuelScheit commented 3 years ago

I've not tested your script, but I had a look at the source code and found that in line 106 of EvilToken.py you are using the registration timestamp of the user. But as Discord makes all tokens prior to a password change invalid, you should use the current timestamp instead, so it's guaranteed that the token timestamp will be valid.

malpraku commented 3 years ago

Nah, the timestamp actually doesn't matter. I thought that one of the token parts requires the timestamp, but turns out no. So, I'm just way too lazy to modify the program lol.

SamuelScheit commented 3 years ago

I don't think it's possible without a timestamp. A JSON Web Token consists of three parts:

Discord:

- the header = base64 encoded user id
- the payload = base64 encoded timestamp
- the verify signature = base64 encoded cryptographically verified header + payload

So by the design spec of JWT, which Discord uses, it is not possible to leave the header or payload out.

malpraku commented 3 years ago

Wait, you're right. I'll improve this program ASAP. Also planning to add proxy support + that timestamp thing.
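
Added example, not part of the thread or of EvilToken: a server-side verifier for the three-part layout described in the comments above (user id, timestamp, signature). The key, field encodings and function names are assumptions for illustration, not Discord's actual scheme; it shows that the signature binds the id and timestamp together and that a token issued before a password change is rejected.

```python
import base64
import hashlib
import hmac
import struct

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    # The MAC covers both fields, so neither can be changed or dropped.
    return hmac.new(SERVER_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(user_id: int, issued_at: int) -> str:
    head = b64e(str(user_id).encode())
    body = b64e(struct.pack(">I", issued_at))
    return f"{head}.{body}.{b64e(sign(head, body))}"

def verify_token(token: str, password_changed_at: dict) -> tuple[bool, str]:
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    head, body, sig = parts
    try:
        user_id = int(b64d(head).decode())
        (issued_at,) = struct.unpack(">I", b64d(body))
        given = b64d(sig)
    except (ValueError, struct.error):
        return False, "malformed"
    # Constant-time comparison; a 256-bit MAC cannot be guessed in practice.
    if not hmac.compare_digest(sign(head, body), given):
        return False, "bad signature"
    if user_id not in password_changed_at:
        return False, "unknown user"
    # Tokens issued before the last password change are no longer valid.
    if issued_at < password_changed_at[user_id]:
        return False, "revoked by password change"
    return True, "ok"

if __name__ == "__main__":
    changed = {1001: 1_700_000_000}  # constructed sample data
    print(verify_token(issue_token(1001, 1_700_000_500), changed))
    print(verify_token(issue_token(1001, 1_699_999_999), changed))
```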