Capture Bearer Token

Fetch and display Bearer tokens from all sites

  1. // ==UserScript==
  2. // @name         Capture Bearer Token
  3. // @namespace    http://tampermonkey.net/
  4. // @version      2.0
  5. // @description  Fetch and display Bearer tokens from all sites
  6. // @author       ForestArmy
  7. // @match        *://*/*
  8. // @grant        none
  9. // @license MIT
  10. // ==/UserScript==
  11.  
  12. (function() {
  13.     'use strict';
  14.  
  15.     function displayToken(token) {
  16.         console.log("Captured Bearer Token:", token);
  17.  
  18.         let existing = document.getElementById("token-box");
  19.         if (existing) return; // Prevent multiple displays
  20.  
  21.         let div = document.createElement("div");
  22.         div.id = "token-box";
  23.         div.style.position = "fixed";
  24.         div.style.top = "10px";
  25.         div.style.right = "10px";
  26.         div.style.background = "black";
  27.         div.style.color = "white";
  28.         div.style.padding = "10px";
  29.         div.style.borderRadius = "5px";
  30.         div.style.zIndex = "9999";
  31.         div.style.whiteSpace = "pre-wrap";
  32.         div.style.maxWidth = "90vw";
  33.         div.style.overflowX = "auto";
  34.         div.innerText = "Bearer Token: " + token;
  35.         document.body.appendChild(div);
  36.     }
  37.  
  38.     // Hook Fetch API
  39.     const originalFetch = window.fetch;
  40.     window.fetch = async function(...args) {
  41.         return originalFetch(...args).then(response => {
  42.             let requestHeaders = args[1]?.headers;
  43.             if (requestHeaders) {
  44.                 for (let header of Object.keys(requestHeaders)) {
  45.                     if (header.toLowerCase() === "authorization" && requestHeaders[header].startsWith("Bearer ")) {
  46.                         displayToken(requestHeaders[header]);
  47.                     }
  48.                 }
  49.             }
  50.             return response;
  51.         });
  52.     };
  53.  
  54.     // Hook XMLHttpRequest
  55.     const originalXHROpen = XMLHttpRequest.prototype.open;
  56.     XMLHttpRequest.prototype.open = function(method, url, async, user, password) {
  57.         this.addEventListener("readystatechange", function() {
  58.             if (this.readyState === 4) {
  59.                 let authHeader = this.getResponseHeader("Authorization");
  60.                 if (authHeader && authHeader.startsWith("Bearer ")) {
  61.                     displayToken(authHeader);
  62.                 }
  63.             }
  64.         });
  65.         return originalXHROpen.apply(this, arguments);
  66.     };
  67.  
  68.     // Hook Fetch Headers (Works for sites using new Header() API)
  69.     const originalHeaders = window.Headers;
  70.     window.Headers = function(init) {
  71.         if (init) {
  72.             for (let [key, value] of Object.entries(init)) {
  73.                 if (key.toLowerCase() === "authorization" && value.startsWith("Bearer ")) {
  74.                     displayToken(value);
  75.                 }
  76.             }
  77.         }
  78.         return new originalHeaders(init);
  79.     };
  80.  
  81.     // Hook WebSockets (Experimental)
  82.     const originalWebSocket = window.WebSocket;
  83.     window.WebSocket = function(...args) {
  84.         let ws = new originalWebSocket(...args);
  85.         ws.addEventListener("message", function(event) {
  86.             let data = event.data;
  87.             if (typeof data === "string" && data.includes("Bearer ")) {
  88.                 let match = data.match(/Bearer\s+([A-Za-z0-9._-]+)/);
  89.                 if (match) {
  90.                     displayToken(match[0]);
  91.                 }
  92.             }
  93.         });
  94.         return ws;
  95.     };
  96. })();