Open SamuelScheit opened 3 years ago
Nah, the timestamp actually doesn't matter. I thought that one of the token part requires the timestamp, but turns out no. So, I'm just way too lazy to modify the program lol.
I don't think it's possible without a timestamp.
A JSON Web Token consists of three parts:
the header = base64 encoded user id the payload = base64 encoded timestamp the verify signature = base64 encoded cryptographically verified header + payload
So by the design spec of JWT, which discord uses, it is not possible the leave the header or payload out.
Wait, you're right. I'll improve this program ASAP. also planning to add proxy support + that timestamp thing
I've not tested your script, but I had a look at the source code and found that in line 106 of
EvilToken.py
you are using the registration timestamp of the user. But as discord makes all tokens prior to a password change invalid, you should use the current timestamp instead, so its guaranteed that the token timestamp will be valid.