raizo/discord-ipc-poc
1
0
Fork 0
mirror of https://github.com/iraizo/discord-ipc-poc synced 2025-12-04 03:27:36 +01:00
Code Issues Projects Releases Packages Wiki Activity
No description
11 commits 2 branches 1 tag 55 KiB
Find a file
Exact
Loron Gröbner 079b7000e3 format document
2022-11-13 11:17:07 +01:00
src format document 2022-11-13 11:17:07 +01:00
.gitignore init 2021-02-01 22:54:02 +01:00
Cargo.lock format document 2022-11-13 11:17:07 +01:00
Cargo.toml init 2021-02-01 22:54:02 +01:00
LICENSE added license 2021-03-24 17:49:02 +01:00
README.md Update README.md 2021-02-03 11:14:13 +01:00

README.md

discord-ipc-poc

Reading out sensitive account data from IPC socket

How does it work?

Discord opens an local websocket that exists for the RPC also called RPCServer (which we are gonna exploit) if you send an packet with the cmd OVERLAY and some args (read source code hint: L59) it will give you back an packet with the cmd DISPATCH and the PID you gave in args, that packet will give you the whole user object and token, this only works on windows as of right now since its the only OS where the overlay works, i do not know how to get it working on linux yet.