Mastodawn

For example:

To post a message to Discord, you open a TLS connection to discord.com on port 443.

Then you send

POST /api/webhooks/($id)/($token) HTTP/1.1
Host: discord.com
Connection: close
User-Agent: ($some name for your program)
Content-Type: application/json
Content-Length: ($character count of the below)

{"content":"Hello, I am a bot!","username":"Anne the droid","avatar_url":"https://example.org/icon.png"}

Content may have markdown, username and avatar_url are optional.

To get the id and token, you go to a channel's Integration settings, "New Webhook", and there you will see a /api/webhooks/.../.... The token is the longer last part of the URL, and the ID the decimal number before it.

If you want to verify the message has been sent, add ?wait=true to the path in POST, and you won't get a reply until it has.

This can all be implemented in 60 lines of Lua, with only a socket library.

#Discord, #DiscordAPI

WetHat💦Jan 18, 2025

Key Points:
➡️ Malicious PyPi package 'pycord-self' targets Discord developers, stealing authentication tokens and creating a backdoor for remote control.
➡️ Introduced in June 2024, downloaded 885 times.
➡️ Token theft and backdoor installation are the primary malicious functions.
➡️ Developers should verify package sources, review code, and use scanning tools to enhance security.

https://news.lavx.hu/article/malicious-pypi-package-poses-threat-to-discord-developers-a-deep-dive

#PyPI #DiscordAPI #CyberSecurity #TokenTheft #Backdoor #Malware #DevOps #Python