Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
bungie-platform
Advanced tools
This is the platform.js file from bungie.net used to do nearly everything. It's reverse engineered and made available as a node.js module.
Note: This is not maintained or endorsed by bungie. I'm not affiliated with bungie in any way (although I'd wish I was).
Node 1.10.x or later
There are 2 ways to install the library. If you want to use this module in your own application.
npm install bungie-platform --save
Or if you just want to check out the API:
git clone git@github.com:SargoDarya/bungie-platform.git
cd bungie-platform
node sample
Then head to http://localhost:8080/api/
and you can see all exposed calls. There's also a sample
API doc available on heroku at http://bungie-platform.herokuapp.com.
To use the platform just require it and initialize it with a valid cookie. For the API to work correctly you need the bungledid, bungled and the bungleatk values from the cookie.
var BungiePlatform = require('bungie-platform');
var platform = BungiePlatform(YourCookieString);
var successCallback = errorCallback = function(data) { console.log(data) };
platform.userService.GetCurrentUser(successCallback, errorCallback, null)
.done(function(data) {
// This is called on success
})
.fail(function(err) {
// This is called on error
});
Note that almost all if not every platform method returns a deferred while also calling success and error callbacks. There are methods which don't require a valid cookie (consider them public) and there are methods which require a valid logged in user (consider them private).
As the platform.js is currently just reverse engineered from a minified file and a bit modified to be able to use it in node.js there are no complete API docs. I'm still in the process of fixing that up so the API docs are actually usable but 300 methods is a lot to document and reverse engineer.
All contributions are welcome. If you want to contribute, follow these steps:
Look for something you want to contribute
Fork the repository
Work on the feature or enhancement until it is completed
Do a Pull Request and give a short explanation of what you did
If everything is fine the pull request gets merged.
This project is not affiliated with, maintained, authorized, endorsed or sponsored by Bungie.
FAQs
An accessor library for the bungie.net platform
We found that bungie-platform demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.