Skip to content
/ discord-ipc-poc Public

Reading out sensitive account data from discords IPC socket

License

MPL-2.0 license
16 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iraizo/discord-ipc-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

src

src

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

discord-ipc-poc

Reading out sensitive account data from IPC socket

How does it work?

Discord opens an local websocket that exists for the RPC also called RPCServer (which we are gonna exploit) if you send an packet with the cmd OVERLAY and some args (read source code hint: L59) it will give you back an packet with the cmd DISPATCH and the PID you gave in args, that packet will give you the whole user object and token, this only works on windows as of right now since its the only OS where the overlay works, i do not know how to get it working on linux yet.

About

Reading out sensitive account data from discords IPC socket

Topics

discord discord-api vulnerability

Resources

Readme

License

MPL-2.0 license
Activity

Stars

16 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 1

win release Latest
Feb 2, 2021

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages