Client Message Wrapper["message"])Hmm, interesting. I opened the list to send more messages and I inspected the HTML and it turns out that that message has the ID 62. The reverse engineering I just did is 99% done on Chrome without the need of any other tools.Ah okay I see where I went wrong, message Id is some other ID, while the value is 62 for the pre-defined message. I remembered that while looking through the GET requests, I saw such a thing. Refresh the inbox page, and voila we have a message written. I won’t waste more time on this, my point’s proven. Gaining full membership features to a service that charges so highly was so easy as most of the security was done at the frontend, not the backend.We are at an age where data collection is technically easy for companies, and the users are willing to foolishly and unhesitantly give out their data, unaware of the The General Data Protection Regulation (GDPR) is coming on the 25th of May 2018.
Oh Damn, the chat is happening over websockets (I should’ve expected that). Moving over to websocket filtering in Chrome Network tab, gladly there was only one websocket to monitor.Okay let’s do the simplest thing, filter by word “famous”.