Posts:
23
Threads:
3
Joined:
May 2023
Reputation:
Credits: 8.3€ [Donate] first of all, sending the credentials to yourself via discord is REALLY bad opsec. you should figure out a more secure way of transferring those credentials first, before you even think about running it for real. here are some ideas:
1) write the credentials to a small database on your web server and dump that db regularly
2) (if you need a low-tech solution) check the logs of your web server, any credentials should be listed in clear text in the POST requests that you are receiving. logs are also not good OPSEC but at least your web site is not directly connected to you like a discord account is (I hope)
3) use fetch or a similar API to forward the credentials to a 3rd party site like a pastebin and check that site regularly (this is the most anonymous, if you use TOR/i2p) but some ppl might also get a hold of the credentials. if you want to get around that, encrypt them first with PGP or sth similar)
4) if you want to use some kind of messaging bot, use jabber rather than discord. discord messages are sent in clear text with full oversight of the company and the accounts are linked to ur identity. discord does not work over tor afaik.
NOW, THE ACTUAL QUESTION:
chrome and firefox give warnings because they check if the ssl certificate that your site is sending is the same certificate that instagram.com has. thats the one purpose of ssl certificates. there isn't much you can do about that except hope that some ppl are retarded enough to ignore the warnings. that's the phishing business m8
you could, perhaphs, do sth about it if the ssl certificate of instagram ever got leaked or if you had control over the DNS server that your victims use, because you could theoretically redirect their SSL certificate resolution requests to your own phony certificate server but i'm a bit wonky about the cryptography behind it maybe that doesn't even work anymore.
point is, obfuscating code won't do anything, the problem is your ssl certificate.