A demonstration tool to highlight the vulnerability of Discord accounts by logging user tokens.
Please note, this repository is for educational and proof of concept purposes only. The information and code contained within it should not be used for any illegal or unethical activities. The contributors to this repository are not liable for any actions taken or damages caused by the use of the information or code provided here. It is the responsibility of the user to ensure compliance with all applicable laws and regulations, and to obtain any necessary permissions before using the code or information.
Don't ask me how to get people to run it or anything like that and please don't go to my server and ask for Discord tokens. Just to reiterate, I do not support illegal activity and this is just to educate people on how easy it is to get hacked.
The script activates on any site and puts you instantly on discord.com. There it gets the token out of the local storage.
Then it uses Base64 to encode the token.
Now the script redirects to a different page (e.g.: YouTube) and adds an URL Parameter which is the Base64 encoded token.
On the different page (e.g.: YouTube) the script gets the token out of the url (URL Parameter) and decodes it with Base64. Finally, it just sends the webhook request to the provided webhook url and adds the token in the content.
- Download the DiscordTokenLogger.js file
- Open Tampermonkey in your Browser
- Go to the Utilities tab
- Press the button 'Choose File' at 'Import from file'
- Choose the downloaded DiscordTokenLogger.js file
- Click on install in the tab that has opened
- Have fun!
If you need support, you can join this Discord server.
Bug reports and suggestions should be made in this repo's issue tracker using the templates provided. Please provide as much information as you can to best help us understand your issue and give a better chance of it being resolved.