Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



   2199

About to make a NEW Spotify config but need help with 1 more thing!

by Micro - 28 June, 2021 - 12:43 AM
This post is by a banned member (Micro) - Unhide
Micro  
Supreme
1.152
Posts
885
Threads
#1
OP 28 June, 2021 - 12:43 AM (This post was last modified: 28 June, 2021 - 12:49 AM by Micro. Edited 4 times in total.)
Spotify uses some weird data [which looks like some type of Session ID/token, but idk what it is or how its generated.
Its [S-1-5-21-6147441553-6019369126-5971802234].
It changes on every request, even with same credentials.
Code:
1 {
  1: "5029ea5811a6406e9dddd88e6d9ce547"
  2: "S-1-5-21-6147441553-6019369126-5971802234"
}
101 {
  1: "myuser"
  2: "mypass"
  3: "####################################"
}
[Image: tumblr_o4igioqRRY1qghl49o1_540.gifv]

Barely on C.to anymore...

Contact me using this link
This post is by a banned member (Osas420) - Unhide
Osas420  
Godlike
858
Posts
92
Threads
4 Years of service
#2
28 June, 2021 - 01:44 AM
Seems like its just a internal code to identify and log what traffic is going throu the API. For example that request will be stored internally and referred to as that string on lightly either a firewall program or a overview allowing Spotify to see if the servers are overwhelmed and they need to expand infrastructure for example one server getting too many requests maybe of a certain type not sure. I don't think its anything to worry about and i highly doubt you can use it for anything. As for how its generated no idea could be anything might even be completely random or might be a string counting up for every packet with time, date and signature really just speculation however i wouldn't worry about it seems like internal debugging stuff
SELLING NEWLY CREATED METHOD TO UPGRADE PERSONAL SPOTIFY ACCOUNTS FOR FREE (GOOD SERVICE TO START) 100% UNSATURATED
++++++
ANY SMS OR GSM HELP DROP ME A MESSAGE BELOW

TELEGRAM: @OSAS4200
 
This post is by a banned member (Styx) - Unhide
Styx  
Heaven
5.351
Posts
464
Threads
6 Years of service
#3
28 June, 2021 - 02:14 AM
These transactions are actually similar to CSRF tokens. Backend security measures include redundancy checks, request timeouts, request counts, and more.
[Image: ipnproxy.gif]
-
[Image: hostn.gif]
-
[Image: codething.gif]
This post is by a banned member (xAR3S) - Unhide
xAR3S  
Registered
11
Posts
1
Threads
4 Years of service
#4
08 July, 2021 - 06:29 PM
Typically, the first thing you should do is to try sending requests with the least amount of data. Sometimes tokens such as this are simply used for tracking purposes and are not really verified by the server such that it blocks your request.

If it is indeed verified, you can try to use the same token everytime. Occasionally, the server simply verifies if the token has a valid format or exists in a token session database.

If that doesn't work either, I'm afraid you need to look at the JS code that generates the token. Place a breakpoint on XHR (AJAX) events and trace back until you find the request generation code. Then try to replicate that in your config.

A completely different approach would be to use another API. So instead of the web login endpoint, try to make a config for the mobile app.

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
 or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)

About Cracked.sh

Cracked.sh is a community forum that suits basically everyone. We provide cracking tutorials, tools, leaks, marketplace and much more stuff! You can also learn many things here, meet new friends and have a lot of fun!
If you would like to contact us, you can send our staff team a message.

Navigation

Extras

Help

Account