![]() The above will be encoded to JSON, So to test the password we have to post the data to this url Ig_sig, So the post body looks likes this… phone_id = ![]() Instagram uses HMAC Authentication for login stuff, so lets use python’s hmac library.īut first we have to build our body which will be encoded in json for it to actually sign with , All i have to do reverse engineer the apk and find the signature, lets call it ig_sig. Which is only present in their free apk from google play, Remember our Strength can be our Weakness This part is simple but may be difficult to setup, first i need to get instagram’s signature Step 2: Build a post request with Instagram’s signature. So by this we only have to make this request onceĪnd can use it for a year! How vulnerable is that?… So finally we just have to request the url and get the cookie named csrftoken, if we observe the response header weĬould see that our cookie only expires next year the same day. The random 32 character string can be generator using python’s simple uuid library, to be specific v4 of UUID. Getting the magic cookie is the simplest job, all we need to do is send a get request to, where the guid get parameter is a random 32 character string. Step 1: Get the magic cookie, which is used to verify device integrity! Wish to recreate this program in any other language. Instagram-Py uses a very simple algorimthm for checking passwords efficiently, this section is dedicated for those who Now you are ready to crack any instagram account, make sure your tor configuration matched ~/instapy-config.json Usageįinally, now you can use instagram-py! $ instagram-py your_account_username path_to_password_list Algorithm Uncomment ‘ControlPort’ by deleting the # before ‘ControlPort’, now save the file and restart your tor server ![]() # controller applications, as documented in control-spec.txt. Search for the file for this specific section # The port on which Tor will listen for local connections from Tor Open your tor configuration file usually located at /etc/tor/torrc $ sudo vim /etc/tor/torrc # open it with your text editor Tor : change everything according to your tor server configuration, do not mess up! Configuring Tor server to open control port Ig-sig_key : never change this unless new release, this is extracted from the instagram apk file User-agent : do not change this unless you know your stuff Located at ~/instapy-config.json, do not change anything except tor configuration $ vim ~/instapy-config.json # open it with your favorite text editior! Open your configuration file found in your home directory, this file is very important $ wget -O ~/instapy-config.json "" Configuring Instagram-Py ![]() $ # Now lets copy the config file to your hard drive! ![]() Make sure you have got the latest version of pip(>= 9.0 and python(>= 3.6) $ sudo easy_install3 -U pip # you have to install python3-setuptools, update pip But if your tor installation is misconfigured then the blame is on you.ĭepends on: python3, tor, requests, requests, stem Installation using pip to get Instagram-py ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |