Create a python file with the following code snippet:
import requests
import time
import random
auth_data = {
"user1": {
"token": "your_bearer_token_1",
"user-agent": "Mozilla/5.0 (Linux; Android 9; K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/128.0.6613.99 Mobile Safari/537.36" # Optional
},
"user2": {
"token": "your_bearer_token_2"
# No user-agent specified for this user
}
# Add more users as needed
}
# url = "https://api.hamsterkombatgame.io/clicker/sync"
url_second_season = "https://api.hamsterkombatgame.io/interlude/sync"
headers_template = {
"accept": "*/*",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
"cache-control": "no-cache",
"content-length": "0",
"origin": "https://hamsterkombatgame.io",
"pragma": "no-cache",
"priority": "u=1, i",
"referer": "https://hamsterkombatgame.io/",
"sec-ch-ua": "\"Not)A;Brand\";v=\"99\", \"Android WebView\";v=\"127\", \"Chromium\";v=\"127\"",
"sec-ch-ua-mobile": "?1",
"sec-ch-ua-platform": "\"Android\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-site",
"user-agent": "Mozilla/5.0 (Linux; Android 14; K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/127.0.6533.103 Mobile Safari/537.36",
"x-requested-with": "org.telegram.messenger"
}
random_minute = random.randint(0, 59)
delay_seconds = random_minute * 60
time.sleep(delay_seconds)
for user, data in auth_data.items():
headers = headers_template.copy()
headers["authorization"] = f"Bearer {data['token']}"
headers["user-agent"] = data.get("user-agent", headers_template["user-agent"])
response = requests.post(url_second_season, headers=headers)
delay_seconds = random.randint(1, 10)
time.sleep(delay_seconds)
print(f"User: {user} - Status Code: {response.status_code}")Make it executable:
chmod +x api_caller.py
Add the following crontab in order to run the script every 2 hours:
crontab -e
0 */2 * * * /usr/bin/python3 /path/to/api_caller.py >> /path/to/logfile.log 2>&1
I actually know two methods. The first method is done directly through the mobile phone (Android), and the second method is through the telegram website. For the first method, you need to access the Hamster bot. As soon as you press the start button, disconnect your internet connection, and you'll encounter an error that the hamster's URL appears within it. Next, you should copy it. In the second method, you can log into the telegram web, go to the hamster bot, start the hamster app (you'll see an error that says open the app within your mobile phone), open the chrome inspect, go to the storage session, find a pair of key-value including weba, change it to android or ios, reload the hamster app within the bot by the three dots on top. Next, go to the elements, search for <iframe>, copy the hamster's URL. Now you would need to click on the extracted URL, open your hamster kombat by a browser, then go to the inspect, check an API call's header within the network tab, extract the authorization bearer token, or you could go to the local storage, extract the auth token there.
Use this approach to inspect the Hamster within chrome, then extract the user-agen in any api called there like /sync. You can also extract the bearer token there.
seems about correct!
on my device it's sending these headers:
you are missing headers: Origin (weird that they have it, though it's custom header), Accept-Encoding, Content-Length (maybe
requests.postincludes this one need to test...). header Priority seems to be unnecessary.