Discord-S.C.U.M
Discord-S.C.U.M copied to clipboard
Merubokkusu
Risky actions
Here's a compiled list of all the risky functions and actions that have been found along with their relevant issues. We will be updating this list as more risky actions come to our attention. Doing the following have a high change of phone-locking/disabling your account:
- bot.createDM (#41)
- bot.requestFriend
- bot.joinGuild
- bot.setAvatar (#34, #76)
And, of course, for most endpoints, abusing the REST api (not waiting adequately between requests) can get your account phone-locked/disabled. Ideally, try not to get rate limited in the first place.
edit: https://github.com/Merubokkusu/Discord-S.C.U.M/commit/b5a92caa630887fa2549069e3e89939690db43b0 updates the headers and cookies - was able to join a guild and dm a user right after from 2 accounts (1 new and another 1-week-aged). Try reinstalling and seeing how it goes. Note: don't set suspicious user agents. If you set a good user agent, discum should join (non massive guilds), dm, etc smoothly.
bot.joinGuild 100% disables your account. I have tried it on multiple tokens.
arandomnewaccount: fixed a few functions (most notably, bot.createDM, bot.requestFriend, and bot.joinGuild). I tested them on my alts and did not get phone locked. However, spamming these functions can still lock your account. Make sure you use good proxies and don't spam the functions.
I cloned discum and used it directly and bot.joinGuild still locks my account at first try.
arandomnewaccount: darn ok - well thanks for testing it. I tried it the day before yesterday and was able to join a guild using bot.joinGuild without getting phone locked. Guess I'll go back to testing lol.
something I noticed about discord is that joining a server when the account is too new will get you phonelocked even if you use the discord client, you might want to factor that in when using bot.joinGuild
arandomnewaccount: oh ok that's interesting. Maybe registering an account thru the join-guild page might have slightly different results? Also, ig it's helpful then to note that bot.joinGuild worked for me recently on a 3 week old account.
In my experience, guildJoin (also guild creation) action(s) only disable the account when the Token was also generated by the bot. If I manually register an account, and join a guild programmatically, then it doesn't disable that account.
How to "adequately wait" between createDM requests? In REST API I tried 10 seconds and random between 5 and 10 seconds, in both cases I get banned after second created DM
for me i got locked after 1dm
Have you tried various delays? Did you find something suitable?
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", {
"headers": {
"referer":"https://discord.com/channels/@me/916406548220248124"
"host":"discord.com",
"origin": "https://discord.com",
"accept": "*/*",
"accept-language": "en-GB",
"authorization": "*censored*",
"content-type": "application/json",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-debug-options": "bugReporterEnabled",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36",
"x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==",
"x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum
"cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies
},
"body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}",
"method": "POST",
});
If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
that's to send a message in a dm to someone you already dmed not to create a dm
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
Thank you!
I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
that's to send a message in a dm to someone you already dmed not to create a dm
Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.
I just have many accounts, how can I know which cookies, super properties and fingerprint to set? I would be glad if you share with some docs or tutorials about this or explain with your words
Here is how you can get these values, code is ass but it works.
The You can use the same X-Superproperties header as me, its just a base64 encoded json containing data from the user agent mostly
import requests
def cloudflare_cookies():
r = requests.get("https://discord.com")
z = r.cookies.get_dict()
cookies = ""
for c in z:
cookies = cookies + c + "=" + r.cookies[c] + "; " # ugly af but idk shit about python formatting
print(cookies + "locale=us") #just return this value
def get_fingerprint():
r = requests.get("https://discord.com/api/v9/experiments")
print(r.json().get('fingerprint')) #just return this value
cloudflare_cookies()
get_fingerprint()
I used all headers you gave including cookies and fingerprint, and when I try to join to server or create dm, it just throws 403 Forbidden.
And seems like your function for getting cookie doesn't work, it returns empty cookie.
arandomnewaccount: running some tests on an updated version of discum (hasn't been pushed yet) and I can join guilds without getting locked. Updated some headers (ua hints, x-fingerprint) and cookies (the request for the build num will also return the cookies, so 2 tasks in 1).
haven't added captcha support, that'll come in later
you can try out the development branch: https://github.com/Merubokkusu/Discord-S.C.U.M/tree/development will be running some more tests tmr
edit: pushed the changes the master branch. Let me know if you run into issues.
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
You shouldn‘t use always the same fingerprint and the same cookies.. send their api/v9/experiments a request and obtain the needed stuff for every request
arandomnewaccount: latest version of discum should work (installed thru github). It sets the x-fingerprint thru experiments and sets the cookies thru discord.com/login. As long as you don't set a suspicious user agent it should be fine. https://github.com/Merubokkusu/Discord-S.C.U.M/commit/b5a92caa630887fa2549069e3e89939690db43b0 was the fix
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
"x-super-properties" is a base64 encoded json string:
{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}
*im used base64decode.org to decode it
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
"x-super-properties" is a base64 encoded json string:
{"os":"Windows","browser":"Discord Client","release_channel":"stable","client_version":"1.0.9003","os_version":"10.0.19042","os_arch":"x64","system_locale":"fr","client_build_number":106868,"client_event_source":null}*im used base64decode.org to decode it
You can easily use the built-in base64 module in python for encoding decoding base64 stuff
tried plain request with all the safety mesures taken ( all the headers, cloudflare cookies etc ) and I'm able to send a lot of dm's without getting locked atm
can you please share example of headers, cloudfare cookies etc?
fetch("https://discord.com/api/v9/channels/916406548220248124/messages", { "headers": { "referer":"https://discord.com/channels/@me/916406548220248124" "host":"discord.com", "origin": "https://discord.com", "accept": "*/*", "accept-language": "en-GB", "authorization": "*censored*", "content-type": "application/json", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "x-debug-options": "bugReporterEnabled", "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) discord/1.0.9003 Chrome/91.0.4472.164 Electron/13.4.0 Safari/537.36", "x-super-properties": "eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiRGlzY29yZCBDbGllbnQiLCJyZWxlYXNlX2NoYW5uZWwiOiJzdGFibGUiLCJjbGllbnRfdmVyc2lvbiI6IjEuMC45MDAzIiwib3NfdmVyc2lvbiI6IjEwLjAuMTkwNDIiLCJvc19hcmNoIjoieDY0Iiwic3lzdGVtX2xvY2FsZSI6ImZyIiwiY2xpZW50X2J1aWxkX251bWJlciI6MTA2ODY4LCJjbGllbnRfZXZlbnRfc291cmNlIjpudWxsfQ==", "x-fingerprint":"916408446201511969.FOUi11--OhLllS7ObxZRjOiJg70", // GET request here https://discord.com/api/v9/experiments, but i think theres a function for that in discum "cookie": __dcfduid=bdf78be7a3944994b74759331aed4b38; __sdcfduid=49b2b1a0f42f11ebb0102fe90e86e46da55140655ec8f4b9c30cd912080e59586d45c599c0f51336d8a9887263be4d5f" // make a GET request to discord.com and log the cookies }, "body": "{\"content\":\"jdzapoj\",\"nonce\":\"916406626737455104\",\"tts\":false}", "method": "POST", });If you want to analyze this in depth, just open devtools and send private message to one of your friends then look at the requests made
that's to send a message in a dm to someone you already dmed not to create a dm
Same headers are passed. We are not talking about how to dm someone, but how to do it without being detected.
I'm a little confused by how you're supposed to use this. is the fetch to make the post request to send the message?
and how do we build up the information we need to make the message to a specific user id?
