Attention: This post is for educational purposes only. I highly advise you to respect Discord’s guidelines. Never share your token with anyone for any reason whatsoever. Do not run bots under a user account, bot accounts exist for a reason.
How it works
For quite a while Discord has added two measures to stop people from easily getting their Discord token, those are:
- Removing it from local storage as soon as the page is loaded
- Removing the localStorage window property
We use two tricks to circumvent these measures:
- Reloading the page, so that the token is still there
- Adding an iframe and using its localStorage (thanks Stackoverflow)
location.reload(); var i = document.createElement('iframe'); document.body.appendChild(i); alert(i.contentWindow.localStorage.token);
Edit: A commenter suggested adding
stop(); before the
alert( line to fix issues in Firefox.
In case you are using Chrome mobile, you can create a new bookmark for a page of your choice, open the bookmark list, tap on “edit” on the bookmark you just created and then insert
In Edge you can right click the link and add it to your reading list.
Thanks to https://mrcoles.com/bookmarklet/ for the awesome bookmarklet generator.