Discord Tokens

Commenti

35 commenti

  • donovan_dmc

    Screw mobile data users, and others with inconsistent ips I guess ¯\_(ツ)_/¯

    -3
  • PENGUIN114

    There aren't any token loggers for mobile, so if it's generated by the mobile client it can just ignore the checks.

    IPs will usually only change every couple days/when you restart the router if you have a Dynamic IP, then there's people with Static IPs as well.

    -3
  • Bobby(buizel)#3313

    you know they can make it look like it's coming from the mobile client and there will never be a true fix or a way to protect the token so yeah

    1
  • PENGUIN114

    If its created by mobile, not accessed.

    -2
  • Bobby(buizel)#3313

    it would have to be accessed by mobile it seems like you don't know how to discord client works

    1
  • PENGUIN114

    What are you on about? I'm just saying if the token was generated on a mobile device, it won't apply for that token.

    -3
  • Bobby(buizel)#3313

    it doesn't generate a token it accesses the token and then stores it

    1
  • PENGUIN114

    That isn't how it works.
    Whenever you login to discord, a new token is generated for you.

    Go to discord and open your developer tools, go to application, then go to local storage.
    Log out of discord and log back in, you'll see the "token" field change.

    -3
  • Bobby(buizel)#3313

    it will still be the same token it doesn't change unless you change your password

    1
  • PENGUIN114

    Try it.

    -1
  • Bobby(buizel)#3313

    still the same it's the same token explain to me this how can a user bot work everytime it logs in without generating a new token how would it get the new token if it was regenerated you would have to post the new token each time for the user bot to work but it continues to work with the same token it's basically logging in the same like the client

    1
  • PENGUIN114

    They don't work consistently due to what I said.
    People have to manually update it all the time.

    -1
  • PENGUIN114

    also please use some sort of punctuation, it's getting really hard to read.

    -2
  • Bobby(buizel)#3313

    no unless they change their password because I seen people run a user bot without having to change the token once

    1
  • PENGUIN114

    "you've seen people"
    yes yes, because people definitely say "oh look my token changed! let me update my token in my selfbots configuration!"

    -1
  • Bobby(buizel)#3313

    whatever you're not seeing what I'm saying you're just being stupid 

    1
  • galaxycatdev

    First of all the token is not stored in application local storage, and they keep moving it, I find it in the network tab of chrome or chromium and I find the science tab and I look in the request payload to find my token, you can also find your spotify token too. either way the token does NOT change upon logging out and logging back in, the Token is a derivative of your client_ID and client_Secret and if you have those then you can generate tokens either way its not going to help because for one yes mobile users have inconsistent IP address's and the fact that just marking the token as a mobile user doesnt do much,because you can still mark a token you generated as a mobile one or something

    0
  • PENGUIN114

    On the latest PTB build it is located in local storage and the token is regenned when you log in. If someone manually marks their token as mobile, then that's their fault, they shouldn't have done that if they wanted their token to be protected.

    -1
  • MutantRabbit767

    PENGUIN114 The last I checked users tokens don't regen every log-in, this would be completely pointless so they just don't do that. I feel like your getting mixed up with the way Roblox tokens work.

    1
  • PENGUIN114

    maybe my discord is just broken.
    anyways having tokens being able to be grabbed and accessed so easily is definitely a security flaw.

    1
  • pix

    I have a question, some guy did .token @Pixums and a token popped up! Is that real or not because it seemed like he tokened me. I changed my token ofc but i'm still scared

    0
  • PENGUIN114

    pix that's just a randomly generated string that matches the token regex.

    0
  • pix

    Yeah he basically took the 1st half of my token and acted like he was hard LOL, we all got into a group chat and me and my friend clowned everyone. They were saying they were going to swat me or something. Couldn't do anything lolol 

    0
  • donovan_dmc

    So in your world, Man-In-The-Middle attacks clearly don't exist.

    You can go on about how it would be hard to do, but not really if you have a close connection to the person, or access to their phone/pc. You can install a root certificate, issue a certificate for Discord, and siphon everything sent to and from Discord. This includes tokens, as well as passwords, (possibly) phone numbers, and more.

    I've done this to myself on pc, and mobile, so it is definitely possible. There is not a reliable way to prevent this. Certificate checks fail as soon as you're behind a network with a firewall that replaces all certificates, which is a MITM attack, but is perfectly valid. There really isn't anything you can do about this.

    3
  • donovan_dmc

    Also, yes, ip checking would work in some situations. But if something gets your token, what's stopping it from using that token to change your password on the fly? An antivirus? Clearly not if it got the token in the first place.

    2
  • pix

    I'm too simple minded to understand anything you said

    -1
  • imjaidynapper

    How do you find a discord token on pc? I'm slow, lol, and I can't find it.

    1
  • MutantRabbit767

    inspect element, listen over the network

    2
  • MutantRabbit767

    Not sure why you would need it tho :/

    0
  • imjaidynapper

    i’m still token logged and i hate it

    1

Accedi per aggiungere un commento.