π™šπ™§π™§π™š
  • 0 Posts
  • 6 Comments
Joined 2Y ago
cake
Cake day: Jun 17, 2023
help-circle
rss
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’What are some interesting accounts to follow on Mastodon?
link
fedilink
10β€’2Y

Realizing this blew my mind. Definitely more interesting than following people.

link
fedilink
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’What are these comments on lemmy posts?
link
fedilink
5β€’2Y

Curl didn’t return anything. They’re likely just using it to log requests since the request path contains the data they need.

link
fedilink
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’What are these comments on lemmy posts?
link
fedilink
4β€’2Y

I’d be willing to bet they’re using the API to make all the changes. The cookie has the jwt token. I don’t believe you need the username (at least judging by the js API docs).

link
fedilink
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’What are these comments on lemmy posts?
link
fedilink
42β€’
edit-2
2Y

Looks like it’s issuing a GET to https://zelensky.zip/save/{ENCODED_JWT_TOKEN_AND_NAV_FLAG}. The ENCODED_JWT_TOKEN is from btoa(document.cookie+nav_flag) where nav_flag is essentially 'navAdmin' if the account hit is an admin or '' if the user hit is not an admin (it checks if the admin button in the nav exists). Their server is likely logging all incoming requests and they just need to do a quick decoding to get jwt tokens and a flag telling them if it’s an admin account.

I’d be hesitant to visit Lemmy on a browser atm πŸ˜“

link
fedilink
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’Are you replacing Reddit with Lenny?
link
fedilink
28β€’2Y

Yep, Lemmy is filling a Reddit-shaped hole. It’s a bit different but nice.

link
fedilink
π™šπ™§π™§π™štoAsklemmy@lemmy.mlβ€’Which communities are you currently missing on Lemmy?
link
fedilink
1β€’2Y

r/latinopeopletwitter

link
fedilink