Check out DxxxxY/TokenAuth, a session id login mod.
1.12.2 version WITHOUT discord tokens.
1.18 version WITH discord tokens.
-
Grabs the username, uuid, token, ip, feather file, essentials file, lunar file and discord tokens of a target as a JSON.
-
Apparently switching the feather or essential files with yours grants you infinite access to their account thanks to the refreshToken. (Unconfirmed, ask Annah#5795)
-
Additionally, it stores a formatted session string ready to use with DxxxxY/TokenAuth.
-
JavaScript backend server which:
- Checks if all fields in the JSON are present.
- Controls requests and filters out spam requests by IPs.
- Validates the token with Minecraft Auth servers before proceeding to output the data.
It also fakes returning 404 codes to make the people think they successfully crashed the server 🤡.
-
Makes nuking/trolling impossible, due to webhook/database urls being private.
-
Can be easily be hosted on Heroku. (Tutorial available here)
-
Can be easily configured to either use
Discord WebhooksorMongoDBor both. -
Bypasses PizzaClient's SessionProtection.
-
Can be easily hidden/camouflaged in other mods (1 single class). (Tutorial available here)
-
Uses:
- Express for the backend server.
- MongoDB for storing ratted users.
- Discord API for sending messages to webhook.
A video tutorial is available here.
If you're having difficulties, you can try Hephaestus, the automatic R.A.T builder.
-
Server
- Clone the repository.
- Install dependencies.
- Run the server.
-
Mod
- Follow 1.8.9ForgeTemplate#setup to setup your mod environment.
- Change url to your server and change some other stuff to make it ✨unique✨.
- Build the mod.
- (Optional) Obfuscate the mod.
This is for educational purposes only. I am not responsible for any damage caused by this tool.
GPLv3 © dxxxxy