If you use npm:

```sh
npm install byte-api
```

If you use yarn:

```sh
yarn add byte-api
```
All methods that interact with your user account (most that query the API) require you to be authorized or logged in first, as shown below.

```js
const Byte = require("byte-api");
const Client = new Byte.Client("YourAuthorizationToken");

Client.setProfileColor(1) // Sets the user's profile color
  .then((res) => {
    console.log(res);
  });

Client.setBio("Just a random Bio") // Changes your bio
  .then((res) => {
    console.log(res);
  });
```

Example of a follow + like + subscribe bot:

```js
const Byte = require("byte-api");
const Client = new Byte.Client("YourAuthorizationToken");

// Comments to pick from at random
let items = ["Nice!", "cool", "welcome", "awesome", "^~^"];
let i = 0; // number of posts processed so far

;(async function container() {
  let posts = await Client.getGlobalFeed();
  for (let post of posts) {
    i++;
    await post.author.subscribe(post.authorID);
    console.log(await post.loop());
    console.log(await post.like());
    await post.comment(items[Math.floor(Math.random() * items.length)]);
    // Wait 1.5 seconds before moving on to the next post
    await new Promise((resolve, reject) => setTimeout(resolve, 1500));
    console.log(i);
  }
  // Fetch the feed again and repeat
  container();
})();
```

There are some exceptions, though; they're accessed in a different way.

```js
const Byte = require("byte-api");

Byte.Isolated.checkName("potato") // Checks a username's availability without the need for authorization.
  .then((res) => console.log(res));
```

You can get a token by sniffing the HTTP traffic of the app. In every request there will be a header saying "Authorization: Token"; copy that token and use it to log on. To do this, I used HttpCanary (from the Android App Store) and Nox App Player.
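
The token copied from that header authenticates every call made through `Byte.Client`, so it is better kept out of source files. The following is an added example, not part of byte-api or its README: the `BYTE_TOKEN` environment variable and the helpers `loadToken`, `redact` and `findHardcodedTokens` are assumptions, and the sample input is constructed.

```javascript
// Added example, not byte-api code. BYTE_TOKEN and all helper names are assumptions.

// Read the token from the environment instead of a string literal in source.
function loadToken(env = process.env) {
  const token = (env.BYTE_TOKEN || "").trim();
  if (!token || token === "YourAuthorizationToken") {
    throw new Error("BYTE_TOKEN is not set");
  }
  return token;
}

// Mask a token for log output, keeping only the last 4 characters.
function redact(token) {
  const s = String(token);
  return s.length <= 8 ? "****" : "*".repeat(s.length - 4) + s.slice(-4);
}

// Report lines where Byte.Client(...) receives a string literal other than
// the README placeholder, i.e. a token that would be committed with the code.
function findHardcodedTokens(source) {
  const pattern = /\bByte\.Client\(\s*(["'`])([^"'`]+)\1\s*\)/;
  const hits = [];
  source.split(/\r?\n/).forEach((line, idx) => {
    const m = pattern.exec(line);
    if (m && m[2] !== "YourAuthorizationToken") {
      hits.push({ line: idx + 1, token: redact(m[2]) });
    }
  });
  return hits;
}

// Constructed sample input: three ways a script might build the client.
const SAMPLE = [
  'const a = new Byte.Client("YourAuthorizationToken");',
  'const b = new Byte.Client("CONSTRUCTED0000TOKEN1234");',
  "const c = new Byte.Client(loadToken());",
].join("\n");

console.log(findHardcodedTokens(SAMPLE));
```

With the token in the environment, the client is built as `new Byte.Client(loadToken())`.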
I'd love for people to help out!
I have no standards for accepting PRs or issues. Have a neat idea? Implement it and send it over, and if it works well I'll approve. Though I might reformat it to fit the style of the rest of the repository.
If you're better at JavaScript than me, feel free to make corrections or tell me how I can do something better!
FAQs
Byte-API
We found that byte-api demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.