Discord Tokens

Kommentare

35 Kommentare

  • donovan_dmc

    So in your world, Man-In-The-Middle attacks clearly don't exist.

    You can go on about how it would be hard to do, but not really if you have a close connection to the person, or access to their phone/pc. You can install a root certificate, issue a certificate for Discord, and siphon everything sent to and from Discord. This includes tokens, as well as passwords, (possibly) phone numbers, and more.

    I've done this to myself on pc, and mobile, so it is definitely possible. There is not a reliable way to prevent this. Certificate checks fail as soon as you're behind a network with a firewall that replaces all certificates, which is a MITM attack, but is perfectly valid. There really isn't anything you can do about this.

    3
  • donovan_dmc

    Also, yes, ip checking would work in some situations. But if something gets your token, what's stopping it from using that token to change your password on the fly? An antivirus? Clearly not if it got the token in the first place.

    2
  • MutantRabbit767

    inspect element, listen over the network

    2
  • Bobby(buizel)#3313

    you know they can make it look like it's coming from the mobile client and there will never be a true fix or a way to protect the token so yeah

    1
  • Bobby(buizel)#3313

    it would have to be accessed by mobile it seems like you don't know how to discord client works

    1
  • Bobby(buizel)#3313

    it doesn't generate a token it accesses the token and then stores it

    1
  • Bobby(buizel)#3313

    it will still be the same token it doesn't change unless you change your password

    1
  • Bobby(buizel)#3313

    still the same it's the same token explain to me this how can a user bot work everytime it logs in without generating a new token how would it get the new token if it was regenerated you would have to post the new token each time for the user bot to work but it continues to work with the same token it's basically logging in the same like the client

    1
  • Bobby(buizel)#3313

    no unless they change their password because I seen people run a user bot without having to change the token once

    1
  • Bobby(buizel)#3313

    whatever you're not seeing what I'm saying you're just being stupid 

    1
  • MutantRabbit767

    PENGUIN114 The last I checked users tokens don't regen every log-in, this would be completely pointless so they just don't do that. I feel like your getting mixed up with the way Roblox tokens work.

    1
  • PENGUIN114

    maybe my discord is just broken.
    anyways having tokens being able to be grabbed and accessed so easily is definitely a security flaw.

    1
  • imjaidynapper

    How do you find a discord token on pc? I'm slow, lol, and I can't find it.

    1
  • imjaidynapper

    i’m still token logged and i hate it

    1
  • galaxycatdev

    First of all the token is not stored in application local storage, and they keep moving it, I find it in the network tab of chrome or chromium and I find the science tab and I look in the request payload to find my token, you can also find your spotify token too. either way the token does NOT change upon logging out and logging back in, the Token is a derivative of your client_ID and client_Secret and if you have those then you can generate tokens either way its not going to help because for one yes mobile users have inconsistent IP address's and the fact that just marking the token as a mobile user doesnt do much,because you can still mark a token you generated as a mobile one or something

    0
  • pix

    I have a question, some guy did .token @Pixums and a token popped up! Is that real or not because it seemed like he tokened me. I changed my token ofc but i'm still scared

    0
  • PENGUIN114

    pix that's just a randomly generated string that matches the token regex.

    0
  • pix

    Yeah he basically took the 1st half of my token and acted like he was hard LOL, we all got into a group chat and me and my friend clowned everyone. They were saying they were going to swat me or something. Couldn't do anything lolol 

    0
  • MutantRabbit767

    Not sure why you would need it tho :/

    0
  • гuin

    https://support.discord.com/hc/en-us/community/posts/360049324394/comments/360013218994 
    it's because you are logged in via 2FA. Thats the only reason your token would change every log in. :facepalm:

    0
  • TheRealBread

    Yo, tokens dont regen with every login, i used to use my tokens to log into my accounts since i had lost my password, i used the same token for about 6 months and it never changed, having it regen with every login would be quite stupid since your token is the way discord knows how you are while in application, making a new one everytime you log in would mean you would be kicked out on all other devices you logged in everytime you log in, also binding it to your ip is not a solution of any sort, because that would mean you would need to re log everytime you use a vpn/proxies, which is annoying especially for any sort of developer

    0
  • Hakuri

    can someone help me i think i have been token logged this person keeps on getting on to my account even if I make a new account how can I delete the token logger and get rid of this hacker. the hackers main accounts name is iota!#0001 if that's important. 

    0
  • PENGUIN114

    Try it.

    -1
  • PENGUIN114

    They don't work consistently due to what I said.
    People have to manually update it all the time.

    -1
  • PENGUIN114

    "you've seen people"
    yes yes, because people definitely say "oh look my token changed! let me update my token in my selfbots configuration!"

    -1
  • PENGUIN114

    On the latest PTB build it is located in local storage and the token is regenned when you log in. If someone manually marks their token as mobile, then that's their fault, they shouldn't have done that if they wanted their token to be protected.

    -1
  • pix

    I'm too simple minded to understand anything you said

    -1
  • PENGUIN114

    If its created by mobile, not accessed.

    -2
  • PENGUIN114

    also please use some sort of punctuation, it's getting really hard to read.

    -2
  • marr ♡

    It has been 2 days since I contacted Discord about this issue. My account was stolen and the info was changed. And over $40 of gifts and boosts were bought. I no longer care about the account. I would like to get the $40-50 that was spent back. If possible I would also like to speak to human support, Please help !

    * I have been token-logged before and gotten my account back but somehow my email and password were changed to, but like i said i no longer care about my account i just want my money and phone number back. Please connect me to REAL HUMAN discord support not automated messages that don't help.

    -2

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.