
Thread: Snapchat Login Attempt Limit, on Site?

  1. #1
    Lincoln

    Snapchat Login Attempt Limit, on Site?

    (you need an account to see links)
    Can anyone verify what the limit is here? From my simple manual attempts, it doesn't seem to have a limit. Only have had the opportunity to try it by hand, however. The possibility that they are using a system of attempt-based bans that does not change the error message displayed (does not match password) is present but not likely. I don't have time to set up a brute force test to try to find the point (if any) at which login attempts are banned. Has anyone here tried it out?

    ---------- Post added at 04:27 PM ---------- Previous post was at 04:23 PM ----------

    (you need an account to see links)

    Using mobile API. I am thinking that the same kind of flaw exists on the non-mobile version. If so, vulnerability to brute force is going to go up. Although brute force is not at all a successful way to attack, because it can take so long, the vulnerability still exists from what I can see.
    Be sure you put your feet in the right place, then stand firm.
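
The first post raises the possibility of an attempt limit that keeps returning the ordinary wrong-password message. The sketch below is an added example (not Snapchat's code and not from any poster in this thread) of a server-side limiter that behaves that way; the class name, thresholds, message text and sample account are all constructed for illustration.

```python
import hmac
from collections import defaultdict, deque

GENERIC_FAILURE = "invalid username or password"  # constructed; same text for every refusal


class LoginThrottle:
    """Sliding-window limit on failed logins, keyed by account and by source IP."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the block expires

    def _record_failure(self, key, now):
        q = self.failures[key]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.blocked_until[key] = now + self.lockout
            q.clear()

    def attempt(self, username, source_ip, password, verify, now):
        """Return (ok, message, blocked); `blocked` is for server-side logs only."""
        keys = (("user", username.lower()), ("ip", source_ip))
        if any(self.blocked_until.get(k, 0.0) > now for k in keys):
            # Refuse without checking the password, and answer exactly like a
            # wrong password: the client cannot tell that a limit was hit.
            return False, GENERIC_FAILURE, True
        if verify(username, password):
            self.failures.pop(keys[0], None)  # success resets the account counter
            return True, "ok", False
        for k in keys:
            self._record_failure(k, now)
        return False, GENERIC_FAILURE, False


def demo():
    # Constructed account and attempts; the plaintext compare stands in for a
    # real password-hash check.
    store = {"alice": "correct horse"}
    verify = lambda u, p: hmac.compare_digest(store.get(u, ""), p)
    t = LoginThrottle(max_failures=3, window=60.0, lockout=600.0)
    out = [t.attempt("alice", "198.51.100.7", "guess%d" % i, verify, float(i)) for i in range(3)]
    # Limit reached: even the correct password gets the wrong-password message.
    out.append(t.attempt("alice", "198.51.100.7", "correct horse", verify, 10.0))
    # After the lockout expires, a correct login succeeds again.
    out.append(t.attempt("alice", "203.0.113.9", "correct horse", verify, 700.0))
    return out
```

To the client, the fourth response is identical to the first three. Per-account blocking also lets anyone lock a user out, so it is usually paired with a CAPTCHA or other step-up check rather than used alone.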

  2. #2
    Zachafer
    My Snapchat was brute-forced. I used an average strength password and someone managed to send spam from my account!

    I'll look into this later

  3. #3
    Lincoln
    Quote: Originally Posted by Zachafer
        My Snapchat was brute-forced. I used an average strength password and someone managed to send spam from my account!

        I'll look into this later

    Finally got a response! Alright, thanks!
    Be sure you put your feet in the right place, then stand firm.

  4. #4
    Zachafer
    In the SnapCrack Python project on GitHub, looks like it's making a POST request to (you need an account to see links).

    PS: aforementioned GitHub project looks majorly ripped from (you need an account to see links)
    Code:
        def _request(self, endpoint, data=None, files=None,
                     raise_for_status=True, req_type='post'):
            return request(endpoint, self.auth_token, data, files,
                           raise_for_status, req_type)
    Code:
        def login(self, username, password):
            """Login to Snapchat account
            Returns a dict containing user information on successful login, the
            data returned is similar to get_updates.
    
            :param username: Snapchat username
            :param password: Snapchat password
            """
            self._unset_auth()
            r = self._request('login', {
                'username': username,
                'password': password
            })
            result = r.json()
            if 'auth_token' in result:
                self.auth_token = result['auth_token']
            if 'username' in result:
                self.username = username
            return result
    Code:
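    import requests

    # timestamp(), make_request_token() and STATIC_TOKEN are used below but are
    # not defined in the code quoted in this post.
    URL = 'https://feelinsonice-hrd.appspot.com/bq/'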
    
    def request(endpoint, auth_token, data=None, files=None,
                raise_for_status=True, req_type='post'):
        """Wrapper method for calling Snapchat API which adds the required auth
        token before sending the request.
    
        :param endpoint: URL for API endpoint
        :param data: Dictionary containing form data
        :param raise_for_status: Raise exception for 4xx and 5xx status codes
        :param req_type: The request type (GET, POST). Defaults to POST
        """
        now = timestamp()
        if data is None:
            data = {}
        data.update({
            'timestamp': now,
            'req_token': make_request_token(auth_token or STATIC_TOKEN,
                                            str(now))
        })
        headers = {'User-Agent': 'Snapchat/6.1.2 (iPhone6,2; iOS 7.0.4; gzip)'}
        if req_type == 'post':
            r = requests.post(URL + endpoint, data=data, files=files,
                              headers=headers)
        else:
            r = requests.get(URL + endpoint, params=data, headers=headers)
        if raise_for_status:
            r.raise_for_status()
        return r
