API tools faq
paste
Advertisement
baptx

instagram-api_send_message

baptx
Jan 18th, 2020 (edited)
5,330
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.42 KB | None | 0 0
raw download clone embed print report
  1. /*
  2. Instagram API: send direct messages from a web browser
  3.  
  4. Since April 2020, Instagram has a web version to send and read direct messages so my Instagram scripts are not longer needed and I would not recommend using them unless you really need it, to avoid being banned
  5. (never happened to me with Instagram but WhatsApp is owned by Facebook also and they did it to users registering from an unofficial app like yowsup: https://github.com/tgalal/yowsup/commit/88b8ad9581fa22dac330ee3a05fec4e485dfa634#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5)
  6.  
  7. For browser setup, see script instagram-api_direct_messages_backup.js
  8. Instagram web version sessionid cookie does not allow sending messages so we need to log in manually
  9.  
  10. Signature should match signed_body data (using HMAC-SHA256 with private key) but wrong signature or key may work also.
  11. You don't need to get the private key yourself since people already got it but here are interesting links explaining how to get it:
  12. https://eliasbagley.github.io/reverseengineering/2016/12/02/reverse-engineering-instagram-api.html
  13. http://www.will3942.com/reverse-engineering-instagram
  14.  
  15. Signature and deviceID can be generated with this Node.js script instagram_signature.node.js (based on instagram-private-api fork used by IG:dm)
  16. Replace XXX with appropriate values (CSRF token can be random or found in cookies of the web console on Instagram login page and IDs can be generated with Linux uuid command)
  17. Theses values should then be added to the script used in the web browser
  18.  
  19. var crypto = require('crypto');
  20.  
  21. var username = 'XXX';
  22. var password = 'XXX';
  23.  
  24. var deviceID = crypto.createHash('md5').update(username).digest('hex').slice(0, 16);
  25. console.log(deviceID);
  26.  
  27. var key = '937463b5272b5d60e9d20f0f8d7d192193dd95095a3ad43725d494300a5ea5fc'; // key to be used with user agent starting with "Instagram 85.0.0.21.100"
  28. var data = '{"_csrftoken":"XXX","device_id":"android-' + deviceID + '","username":"' + username + '","password":"' + password + '","guid":"XXX","phone_id":"XXX","login_attempt_count":0}';
  29. var signature = crypto.createHmac('sha256', key).update(data).digest('hex');
  30. console.log(signature);
  31. */
  32.  
  33. /* Usage */
  34. //InstagramDMlogin(); // enter your credentials on the login page without logging in and call this function only once (page needs to refreshed after login)
  35. //InstagramDMsend("username", "Hi!");
  36.  
  37. function InstagramDMlogin()
  38. {
  39.     var form = document.getElementsByTagName("form")[0];
  40.     var username = form.getElementsByTagName("input")[0].value;
  41.     var password = form.getElementsByTagName("input")[1].value;
  42.    
  43.     // replace XXX with the values used when generating signature
  44.     var formData = new FormData();
  45.     formData.append("signed_body", 'XXX.{"_csrftoken":"XXX","device_id":"android-XXX","username":"' + username+ '","password":"' + password + '","guid":"XXX","phone_id":"XXX","login_attempt_count":0}');
  46.     formData.append("ig_sig_key_version", "4");
  47.    
  48.     var xhr = new XMLHttpRequest();
  49.     xhr.open("POST", "https://i.instagram.com/api/v1/accounts/login/");
  50.     xhr.withCredentials = true;
  51.     xhr.send(formData);
  52. }
  53.  
  54. async function InstagramDMsend(username, message)
  55. {
  56.     var userid = await getUserId(username);
  57.     var timestamp = Date.now();
  58.     var formData = new FormData();
  59.    
  60.     formData.append("csrftoken", "XXX"); // replace XXX with the values used when generating signature
  61.     formData.append("device_id", "android-XXX"); // replace XXX with the values used when generating signature
  62.     formData.append("_uuid", timestamp); // can be generated with Linux uuid command (don't need to be renewed, timestamp can be used instead)
  63.     formData.append("recipient_users", "[[" + userid + "]]"); // user id can be found on https://www.instagram.com/username/?__a=1
  64.     formData.append("client_context", timestamp); // can be generated with Linux uuid command (timestamp can be used instead)
  65.     formData.append("text", message); // message to customize
  66.    
  67.     var xhr = new XMLHttpRequest();
  68.     xhr.open("POST", "https://i.instagram.com/api/v1/direct_v2/threads/broadcast/text/");
  69.     xhr.withCredentials = true;
  70.     xhr.send(formData);
  71. }
  72.  
  73. function getUserId(username)
  74. {
  75.     return new Promise(function(resolve) {
  76.         var xhr = new XMLHttpRequest();
  77.         xhr.open("GET", "https://www.instagram.com/" + username + "/?__a=1");
  78.         xhr.withCredentials = true;
  79.         xhr.addEventListener("load", function() {
  80.             var response = JSON.parse(xhr.responseText);
  81.             resolve(response.graphql.user.id);
  82.         });
  83.         xhr.send();
  84.     });
  85. }
  86.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!