SHARE
TWEET

instagram-api_send_message

baptx Jan 18th, 2020 (edited) 850 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2. Instagram API: send direct messages from a web browser
  3.  
  4. For browser setup, see script instagram-api_direct_messages_backup.js
  5. Instagram web version sessionid cookie does not allow sending messages so we need to log in manually
  6.  
  7. Signature should match signed_body data (using HMAC-SHA256 with private key) but wrong signature or key may work also.
  8. You don't need to get the private key yourself since people already got it but here are interesting links explaining how to get it:
  9. https://eliasbagley.github.io/reverseengineering/2016/12/02/reverse-engineering-instagram-api.html
  10. http://www.will3942.com/reverse-engineering-instagram
  11.  
  12. Signature and deviceID can be generated with this Node.js script instagram_signature.node.js (based on instagram-private-api fork used by IG:dm)
  13. Replace XXX with appropriate values (CSRF token can be random or found in cookies of the web console on Instagram login page and IDs can be generated with Linux uuid command)
  14. Theses values should then be added to the script used in the web browser
  15.  
  16. var crypto = require('crypto');
  17.  
  18. var username = 'XXX';
  19. var password = 'XXX';
  20.  
  21. var deviceID = crypto.createHash('md5').update(username).digest('hex').slice(0, 16);
  22. console.log(deviceID);
  23.  
  24. var key = '937463b5272b5d60e9d20f0f8d7d192193dd95095a3ad43725d494300a5ea5fc'; // key to be used with user agent starting with "Instagram 85.0.0.21.100"
  25. var data = '{"_csrftoken":"XXX","device_id":"android-' + deviceID + '","username":"' + username + '","password":"' + password + '","guid":"XXX","phone_id":"XXX","login_attempt_count":0}';
  26. var signature = crypto.createHmac('sha256', key).update(data).digest('hex');
  27. console.log(signature);
  28. */
  29.  
  30. /* Usage */
  31. //InstagramDMlogin(); // enter your credentials on the login page without logging in and call this function only once (page needs to refreshed after login)
  32. //InstagramDMsend("username", "Hi!");
  33.  
  34. function InstagramDMlogin()
  35. {
  36.     var form = document.getElementsByTagName("form")[0];
  37.     var username = form.getElementsByTagName("input")[0].value;
  38.     var password = form.getElementsByTagName("input")[1].value;
  39.    
  40.     // replace XXX with the values used when generating signature
  41.     var formData = new FormData();
  42.     formData.append("signed_body", 'XXX.{"_csrftoken":"XXX","device_id":"android-XXX","username":"' + username+ '","password":"' + password + '","guid":"XXX","phone_id":"XXX","login_attempt_count":0}');
  43.     formData.append("ig_sig_key_version", "4");
  44.    
  45.     var xhr = new XMLHttpRequest();
  46.     xhr.open("POST", "https://i.instagram.com/api/v1/accounts/login/");
  47.     xhr.withCredentials = true;
  48.     xhr.send(formData);
  49. }
  50.  
  51. async function InstagramDMsend(username, message)
  52. {
  53.     var userid = await getUserId(username);
  54.     var timestamp = Date.now();
  55.     var formData = new FormData();
  56.    
  57.     formData.append("csrftoken", "XXX"); // replace XXX with the values used when generating signature
  58.     formData.append("device_id", "android-XXX"); // replace XXX with the values used when generating signature
  59.     formData.append("_uuid", timestamp); // can be generated with Linux uuid command (don't need to be renewed, timestamp can be used instead)
  60.     formData.append("recipient_users", "[[" + userid + "]]"); // user id can be found on https://www.instagram.com/username/?__a=1
  61.     formData.append("client_context", timestamp); // can be generated with Linux uuid command (timestamp can be used instead)
  62.     formData.append("text", message); // message to customize
  63.    
  64.     var xhr = new XMLHttpRequest();
  65.     xhr.open("POST", "https://i.instagram.com/api/v1/direct_v2/threads/broadcast/text/");
  66.     xhr.withCredentials = true;
  67.     xhr.send(formData);
  68. }
  69.  
  70. function getUserId(username)
  71. {
  72.     return new Promise(function(resolve) {
  73.         var xhr = new XMLHttpRequest();
  74.         xhr.open("GET", "https://www.instagram.com/" + username + "/?__a=1");
  75.         xhr.withCredentials = true;
  76.         xhr.addEventListener("load", function() {
  77.             var response = JSON.parse(xhr.responseText);
  78.             resolve(response.graphql.user.id);
  79.         });
  80.         xhr.send();
  81.     });
  82. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top