Reverse engineered Parler API

Related tags

Security related resources parler-tricks
Overview

Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020.

For the most part undocumented, but the error responses are already quite descriptive.

Any endpoint starting with /v3/ is protobuf-based. The .proto files can be found elsewhere.

Use it to solve fun mysteries such as:

  • Is my dad on Parler?
  • Who was on Parler before it first started gaining popularity when Candice Owens tweeted about in December 2018?
  • Which users have administration and moderation rights? (hint: (interactions >> 5) & 1 = moderator, (interactions >> 6) & 1 = admin)
  • What exactly is an "integration partner", and which media entities currently are they?
  • If Parler is really yet to come up with a business model for how to make money, then what exactly is a Campaign Promoter Management Network?
  • How does the payment integration that lets users be financially rewarded for their posts play into that?
  • Whenever John Matze says "influencer marketing" should I really be hearing, "we've created a pavlovian conditioning machine that rewards already gullible people for organically spreading disinformation campaigns"? (most likely)
  • Is Parler really the world's most secure social network? (no)

I rushed this just so I didn't have to stare at ghidra anymore. There might be bugs/typos. Patches welcome.

Usage

from parler import Parler

parler = Parler('mst_cookie', 'jst_cookie') # You can also just do the login flow.
parler.user_api.get_profile_for_user(params={'id': 'a078092e6e2df507bfd12db4710202ab'})

Disclaimer

Digital Millennium Copyright Act (DMCA) USC § 1201 (f) states:

A person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.

You might also like...
Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

HCaptcha-Bypass Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. Not working? If it is not seeming to work for you

Dropout 17 Aug 23, 2021
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

null 282 Dec 30, 2022
HashDB API hash lookup plugin for IDA Pro
HashDB API hash lookup plugin for IDA Pro

HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms

OALabs 237 Dec 21, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 9, 2022
RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

RapiDAST RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API. Its core engine is OWASP Z

Red Hat Product Security 17 Nov 11, 2022
AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not
AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not. The program requests the hash of the file and outputs information (if any). This version will output: the file type, names seen in the wild, the number of security vendors that have flagged it as malicious, undetected, and unable to process the file.

Kirk 1 Jan 3, 2022
Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify
Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify

Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify

DW Dariel 5 Dec 3, 2022
A passive-recon tool that parses through found assets and interacts with the Hackerone API
A passive-recon tool that parses through found assets and interacts with the Hackerone API

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

elbee 4 Jan 13, 2022
DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.
DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

null 2 Feb 5, 2022
Comments
  • mst and jst cookies not available

    mst and jst cookies not available

    Parler seems to have updated its cookies. Now I can only see a PHPSESSID and a parler_auth_token in my developers tools when logged in to my parler account.

    Will the code be updated to the new mechanism?

    opened by Juvojic 0
Owner
I pretend to be a security researcher on Twitter.
null
GitHub
Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features -> Create a hidden service -> Generate non-staged payload (python/meterpreter_rev

calfcrusher 80 Dec 21, 2022
Flutter Reverse Engineering Framework

This framework helps reverse engineer Flutter apps using patched version of Flutter library which is already compiled and ready for app repacking. There are changes made to snapshot deserialization process that allow you perform dynamic analysis in a convenient way.

PT SWARM 910 Jan 1, 2023
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

Paolo 'VoidSec' Stagno 199 Jan 4, 2023
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Re-Scripts IA32-VMX-Helper (IDA-Script) IA32-MSR-Decoder (IDA-Script) IA32 VMX Helper It's an IDA script (Updated IA32 MSR Decoder) which helps you to

Behrooz Abbassi 16 Oct 8, 2022
An advanced multi-threaded, multi-client python reverse shell for hacking linux systems

PwnLnX An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out

0xTRAW 212 Dec 24, 2022
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

neeraj 95 Dec 26, 2022
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the effor

Paul Sokolovsky 380 Dec 28, 2022
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

KIEN HOANG 17 Nov 9, 2022