Last active
September 12, 2020 04:00
-
-
Save funnbot/c72fdc13b3e0c14720317e6b6b190544 to your computer and use it in GitHub Desktop.
Probably not working anymore.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(function implantEval(window, d) { | |
const localStorage = d.body.appendChild(d.createElement("iframe")).contentWindow.localStorage; | |
const regex = new RegExp(JSON.parse(localStorage.token).split(".").join("|"), "g"); | |
window.addEventListener("keydown", handleDown); | |
console.log("Evaler Loaded") | |
function handleDown(event) { | |
if (!event.getModifierState("Alt")) return; | |
if (event.keyCode !== 13) return; | |
const textArea = document.querySelector("textarea"); | |
if (!textArea || !textArea.value) return; | |
sendMessage(resolveChannelID(), processEval(textArea.value)); | |
textArea.value = ""; | |
return; | |
} | |
function processEval(code) { | |
try { | |
var evaled = eval(code); | |
} catch (e) { | |
var evaled = e; | |
} | |
if (!evaled) return evaled + ""; | |
return (evaled + "").replace(regex, "[SECRET]"); | |
} | |
function sendMessage(channelID, content) { | |
var url = `https://discordapp.com/api/v7/channels/${channelID}/messages`; | |
var opts = { | |
method: "POST", | |
headers: { | |
Authorization: JSON.parse(localStorage.token), | |
"Content-Type": "application/json" | |
}, | |
body: JSON.stringify({ content }), | |
} | |
return fetch(url, opts).catch(console.error); | |
} | |
function resolveChannelID() { | |
const path = window.location.pathname; | |
return path.slice(path.lastIndexOf("/") + 1, path.length); | |
} | |
}(window, document)); |
I see what you did there
This gets your token and pastes it in a message. Don't do this people
Not sure why you think that, although this worked two years ago it may be broken now. But the intention is to replace any occurrence of your token so that when you mess up evaling some command, it isn’t leaked.
Just confirmed this doesn't actually work anymore, so I'm not sure where you got the idea that it was stealing your token heh...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
lmfao