EekChat - a secure online chatroom
tussiez

EekChat!

Recently, I've been seeing more and more chatrooms on Repl.it, so I guess I'll add mine to the list.

My friends and I usually used Gmail for conversations, but it tended to be slow at responding, and since almost everything was blocked on school computers, it was our only way to communicate "quickly". So I decided to make EekChat! It's a basic chatting application written in JavaScript with node.js and socket.io.

UPDATE

I rewrote all of the server and client script code, and with this, we have the following changes:

  • 12/24/2020: Chatroom should be fixed :)

  • Repl.it authentication, no more need to log in with your Google account!

  • Way less bugs and random crashes!

  • Optimizations

  • Way cleaner code

  • Profanity is censored

  • All of the account verification is done solely on the server, which makes it impossible to hack or impersonate, as the server will only accept usernames from Repl.it's auth headers.

  • The Send button works!

Features

  • Markdown support!
  • Anti-hack
  • Censors
  • Anti-spam
  • Repl.it login
  • <script> and HTML elements are blocked!
  • "X person is typing".. box
  • Chat saves
  • Automatic re-logon
  • (Coming soon): Messages and login data saved will be encrypted
  • In forked Repls with custom group members set, theoretically it should be difficult for outsiders to join

DISCLAIMER

Here are some things you may want to be aware of when using this app:

  • As I stated earlier, messages are saved indefinitely and can be viewed by others long after you leave the chatroom. Keep this in mind when writing messages.
  • Messages sent are encrypted, but messages saved aren't (sending with HTTPS, saving in plain text)

Have fun!

Comments
tussiez

@CyberHacker101 Yeah
You got 10 cycles from us just clicking upvote on the comments :)

CyberDaDev

wow, I just said "don't expose me" a billion times. @tussiez

Baconman321

@tussiez But srsly, try making session tokens. Might take a bit to figure out, but basically you generate a token for a user and send that token to the server. If the token isn't valid, don't send the message because it might be an impersonator. Also, make the token expire after some time as to make it harder to hack.

CyberDaDev

tHiS mE eVeRdAY
Screenshot 2020-12-21 at 11.51.48 AM
@Baconman321

tussiez

@Baconman321 I've added session tokens, they don't expire, but they're never passed to other users. It stays on client and server, and they're deleted after the user leaves.

tussiez

@CyberHacker101
Reminds me of SortaCraft, genius concept, terrible programming

tussiez

@Baconman321 Theoretically, it should be impossible to acquire these session keys without listening to the socket, which is already encrypted, which encrypts the messages and account data.

Baconman321

@tussiez That's great! Also, change the chat.txt to chat.json and encrypt it using an encryption method. You can store the key in an env file.
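
The suggestion above (encrypt the saved chat log and keep the key in an environment variable) can be sketched with Node's built-in `crypto` module. This is an added example, not EekChat's code; the variable name `CHAT_LOG_KEY`, the one-record-per-line layout and the function names `loadKey`, `sealRecord` and `openRecord` are assumptions.

```javascript
// Added example, not EekChat's code: each saved chat record is encrypted
// with AES-256-GCM before it is written to the log file.
const nodeCrypto = require('node:crypto');

// Assumption: CHAT_LOG_KEY holds 32 random bytes, base64-encoded.
function loadKey(env = process.env) {
  const key = Buffer.from(env.CHAT_LOG_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('CHAT_LOG_KEY must decode to 32 bytes');
  return key;
}

// Encrypt one message object into a single log line:
// base64(nonce) . base64(ciphertext) . base64(auth tag)
function sealRecord(key, record) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(record), 'utf8'),
    cipher.final(),
  ]);
  return [nonce, ciphertext, cipher.getAuthTag()]
    .map((buf) => buf.toString('base64'))
    .join('.');
}

// Decrypt one log line. Throws if the line is malformed, was modified,
// or was written under a different key.
function openRecord(key, line) {
  const parts = line.split('.').map((p) => Buffer.from(p, 'base64'));
  if (parts.length !== 3 || parts[0].length !== 12 || parts[2].length !== 16) {
    throw new Error('malformed record');
  }
  const [nonce, ciphertext, tag] = parts;
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  return JSON.parse(plaintext.toString('utf8'));
}
```

Anything that should not be readable later, such as the session keys mentioned elsewhere in this thread, is better left out of the saved record entirely than encrypted alongside the messages.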

Baconman321

@tussiez IDK much about sockets because I never really need to use them...

tussiez

@Baconman321 I definitely should.

CyberDaDev

yup also ur very bad at organizing @tussiez

tussiez

@Baconman321 Socket.IO makes it really easy, if you ever need to learn.. the entire library can be used in simple send and receive event handlers.

tussiez

@CyberHacker101 It isn't my best programming, but it works!
@Baconman321
I'm going to add the save encryption soon. I need to do my homework right now though, so I'll come back to it later.

CyberDaDev

sToP wItH tHe pInGs gUyS @tussiez @Baconman321

Baconman321

@tussiez Anything with .io is blocked for me, but only if I look it up or in an iframe (HaHa adults think kids are dum, well I just outsmurted them. Just fetch the webpage and display it as srcdoc LOL).

Baconman321

LOL it will happen if anyone replies to ur comment. As you see, I left out your name. This should still ping you though :/

tussiez

@Baconman321 oof I just realized that the link really is socket.io

tussiez

Yeah, if it's on the correct thread.

CyberDaDev

Now seriously stop with the pings T^T @Baconman321

CyberDaDev

Right now I'm getting pinged by 40 different people @tussiez

Baconman321

@tussiez Remember, it only works on web browsers/iframes. If I link socket.io it will work because it is a web asset, not an iframe or a web search. It will work on nodejs because that is backend, not client side. However, like I said it will work on client side as long as I don't put it in an iframe.

Baconman321

@tussiez Imagine knowing more about the monitoring equipment the school uses than the school.
oh and cyberhacker, just click the notifications and wait like 1 second. Then the notifications alert goes away.

tussiez

Yeah. I read a book for 5 minutes and repl blows up lol

CyberDaDev

Hmmm it didn't [email protected]

CyberDaDev

I really don't like the part where it says "mostly" secure @tussiez

CyberDaDev

And plz add the part where we can change our username
@tussiez

tussiez

@CyberHacker101 Oof
When I finish my schoolwork, I'll get to encrypting saved chat messages

tussiez

@CyberHacker101 Hommmeeewwwoooooorrrrrk

Please waiiiittt

CyberDaDev

I have no patience xD @tussiez

tussiez

@CyberHacker101 20 cycles lol
ee

CyberDaDev

Every single comment gives u a upvote @tussiez

CyberDaDev

Confusing Comments are illegal

tussiez

Yes.

Whippingdot

Can you make a sign in with repl.it. @tussiez

CyberDaDev

They're working on it @Whippingdot

CyberDaDev

I don't know what to say after someone says ? @tussiez

tussiez

@CyberHacker101 I'm confused about what you're talking about, I can only see the current comment
sorry :)

CyberDaDev

@tussiez
Screenshot 2020-12-22 at 9.12.15 AM

CyberDaDev

Woah didn't you have 300 cycles? @tussiez

tussiez

@CyberHacker101 I don't believe so

CyberDaDev

Hmmm did you fix the chat? Did you make it to sign in with repl? @tussiez

CyberDaDev

HURRY UP AND CHANGE IT IMA GET EXPOSED @tussiez

tussiez

@CyberHacker101 It seems like it'll take some time to figure out exactly how to use Repl.it auth (it's in Python) I'll figure it out soon enough.
However chat is working, I'll just anem everyone 'annonymous'

CyberDaDev

NOooooo name everybody "anonymous or cyberhacker" @tussiez

CyberDaDev

You also spelled "anonymous" wrong. HAHHAHHA ME AM BIG BRAIN @tussiez

CyberDaDev

It failed the comments don't show @tussiez

CyberDaDev

Hmmmm.... We Couldn't Reach Your Repl
Make sure your repl has a port open and is ready to receive HTTP traffic.
Return to Repl.it? @tussiez

tussiez

@CyberHacker101 yes i bad at speeling

CyberDaDev

ur gonna have to change this

@tussiez

CyberDaDev

Again spelling ME AM ULTIMATE BIG BRAIN @tussiez

CyberDaDev

U broke it @tussiez

CyberDaDev

Yoo i figured it out in python @tussiez

CyberDaDev

nvm it node @tussiez

CyberDaDev

JOIN THE INVITE @tussiez

Crosis

@Baconman321 how do u do that

Baconman321

@Crosis Do what?

CyberDaDev

Search it up lol @Crosis

CyberDaDev

Holy cow one day you have 249 cycles and the next you got 366 cycles @Baconman321

Baconman321

@CyberHacker101 It's been almost a month... -_-

CyberDaDev

Oof I've been on repl for the past weeks @Baconman321

tussiez

@CyberHacker101 duuuude repl is blowing up with notifications
SPelling?

CyberDaDev

hmmm can you help? @tussiez

tussiez

@CyberHacker101 With what again? Sorry

Baconman321

@CyberHacker101 XD u must not have seen me a lot then.

CyberDaDev

WIth a repl @tussiez

CyberDaDev

eh wanna help
? @Baconman321

Baconman321

@CyberHacker101 What for?

Baconman321

@CyberHacker101 Your chat?

HimanshuShekha4

**@CyberHacker101 huh ....😂😂 same with me**

HimanshuShekha4

@tussiez why did you name it "Eek chat"?

tussiez

@HimanshuShekha4 It’s 11:21 PM where I live :)
I used to name my apps with Eek for some strange reason a while ago, so I don’t really know

CyberDaDev

Hmm eKeY cHaT @tussiez

tussiez

@CyberHacker101 Eek looks like a place..

dudeactualdev

@tussiez Sry, but this doesnt work :/

tussiez

@RyanGardiner1 Used to... I’ll try to fix it later today. Stay tuned! :)

johnnyfrancis

Error: ENOENT: no such file or directory, stat '/home/runner/EekChatlogin.html'

tussiez

@johnnyfrancis I have no idea what's pointing to that file, but it doesn't exist. The error is harmless though..

johnnyfrancis

@tussiez hmm. Thats weird

Squirrel777

This is great! Could use some CSS though...

tussiez

@Squirrel777 Yeah, I kept it simple.

Kokuhou

Cool!

tussiez

@Kokuhou Thanks!

foodandmoarfood

Who here is "Santa Claus" in the chat?!

foodandmoarfood

Great chat program though
Maybe add a way to change your name viewed, instead of creating a fake Google account?

Bookie0

Do we have to sign in with google? What about using repl auth? ;)
Screen Shot 2020-12-21 at 2.40.07 PM

and maybe a favicon?
Screen Shot 2020-12-21 at 2.40.21 PM
and why is everything squished to that side lol? center it, make it longer!!

Screen Shot 2020-12-21 at 2.41.42 PM
try making the text box a bit nicer, and a bit higher up so it kinda "connects" with the chats above.

You could also try adding markdown.

And also the ability to either choose a name that will display as your username as some folks don't really want to use their google account name. And what if you don't have google...

and maybe a language filter for bad words..?

Anyways pretty good job! :D

tussiez

@Bookie0

  1. Yeah, I'll have to familiarize myself with Repl.it authentication
  2. It was written quickly since I was tired of Gmail, so isn't super polished
  3. It should have been centered. Weird, I'll look into it later.
  4. Again, I wrote this in a night or two, it has pretty simplistic CSS.
  5. Sure!
  6. I'll probably add this with Repl auth
  7. Sure!
  8. Yay! Thanks for the review

tussiez

@Bookie0 By the way, is it possible to use Repl.it auth on just node.js? I'm a noob at Python :)

Bookie0

@tussiez
ok
ok
ok
ok
yay
ok
yay
ok np! :D

Bookie0

@tussiez yeye i think so, ive seen some chats already with repl auth

check this (but it uses express

and this maybe it could help! :D

tussiez

@Bookie0 Express is a node.js library, should work.
Thanks!

Bookie0

huzzah! @tussiez

Bookie0

@tussiez okie dokie, gl! :D

CyberDaDev

this is funny to a normal person not that funny to a coder
Screenshot 2020-12-21 at 2.10.33 PM

tussiez

@CyberHacker101 FLOAT:NONE

CyberDaDev

eh it really looks like a deformed cat @tussiez

CyberDaDev

Hey, wanna see something I made? @tussiez

zplusfour

@CyberHacker101 css programmers in a nutshell

zplusfour

we miss you @eekboi we miss you for moderation

tussiez

@ZDev1 ????

Kookiez

@tussiez eekboi was a mod

zplusfour

@tussiez you dunno eek?

Kookiez

@ZDev1 i think @tussiez joined repl after eek wasn't a mod

zplusfour

@Kookiez oh yes

tussiez

@Kookiez Yeah, eek just came to mind for me lol

tussiez

@ZDev1 Yee

[deleted]

@ZDev1 <3 I miss you all too!

tussiez

@eekboi It's you

[deleted]

@tussiez It is!

CyberDaDev

Hmmm, how's sorta-craft?

Baconman321

@CyberHacker101 We're working on gravity (I'm collaborating with tussiez). Later on we might make a saving option...

CyberDaDev

Hmmm goood I'm working on Minecraft clone try 6842 mk 2kxY343 @Baconman321

tussiez

@CyberHacker101 What do you mean by 23427r2u9g

tussiez

@tussiez merry christmas >40cycles!

Baconman321

@CyberHacker101 ? Wut are you trying to say?

tussiez

@Baconman321 I have no idea

CyberDaDev

Ur chat is broken uh I really think it not a good idea to let people to login with google ig its better if ya make it login with repl or let you change ur username

CyberDaDev

And this is very good for people who want to stay anonymous. @tussiez

tussiez

@CyberHacker101 Yeah, it was intended to be a private chat.
I'm fixing the anti-spam, please wait

CyberDaDev

well just dont change the part where you can change your name @tussiez

tussiez

@CyberHacker101 You can't

Baconman321

How did u do google verification?! :O

CyberDaDev

well you still don't know my first name eh

CyberDaDev

Hmm, will my comments stay on there? @tussiez

tussiez

@CyberHacker101 I've wiped the chat a few times already

CyberDaDev

also this came up... Authorization Error
Error 400: redirect_uri_mismatch
The JavaScript origin in the request, https://eekchat--tussiez.repl.co, does not match the ones authorized for the OAuth client. Visit https://console.developers.google.com/apis/credentials/oauthclient/${your_client_id}?project=${your_project_number} to update the authorized JavaScript origins.
Learn more

tussiez

@CyberHacker101 Try https://eekchat.tussiez.repl.co, I've registered it on OAuth as that.

tussiez

@tussiez They seem to behave as two different links.

CyberDaDev

I don't want to login with google

tussiez

@CyberHacker10 It was intended to be a private chat, but that's K! I'll see if I can disable it but will probably break something else

CyberDaDev

yo it says my full real name @tussiez

tussiez

@CyberHacker101 yeah, I made a fake Google account for this

CyberDaDev

I don't want to be exposed @tussiez

tussiez

@tussiez I can remove your message if you wish to stay private :)

CyberDaDev

Ehh nah just tell me how to sign [email protected]

tussiez

@CyberHacker101 Close the tab, your information shouldn't be saved

CyberDaDev

Umm to much [email protected]

tussiez

Please! There's too much

CyberDaDev

~PROJECT ABANDONED~

tussiez

@CyberHacker101 Lol, replit had too many save issues

CyberDaDev

bro ive never seen someone use a comma in replit are you ok? @tussiez

tussiez

@CyberHacker101 Lol huh
image

CyberDaDev

Yeah forget what i said lol @tussiez

DerpBurgerPlayz

how did you get image and video support? can you tell me where to go to learn how to do this?

tussiez

@DerpBurgerPlayz video support?

DerpBurgerPlayz

@tussiez aaaa sorryyy

DerpBurgerPlayz

@tussiez image support~

tussiez

@DerpBurgerPlayz lol, but i can help

tussiez

@DerpBurgerPlayz Send an image URL on server, client makes an img element and displays

DerpBurgerPlayz

@tussiez wat -confused derp noises-

tussiez

@DerpBurgerPlayz ?

  1. Send the url of the image e.g https://hey.foodandmoarfood.repl.co/img/wheat.png

  2. On the website, load the img

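```js
// Resolves with the <img> element once the image at `url` has loaded.
const makeImage = (url) => {
  return new Promise((resolve, reject) => {
    let img = document.createElement('img');
    img.onload = () => { resolve(img) };
    // Reject on a failed load so the promise cannot stay pending forever
    img.onerror = () => { reject(new Error('image failed to load')) };
    img.setAttribute('src', url);
  });
}
```

DerpBurgerPlayz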

@tussiez ur a god, thank you!

DerpBurgerPlayz

[email protected] oofs, it wont work thanks for the help!

DerpBurgerPlayz

@tussiez in return for helping me, do you want me to tell you how to make a basic custom context menu?

tussiez

@DerpBurgerPlayz F, here's another

```js
function img(url) {
  let im = document.createElement('img');
  im.setAttribute('src', url);
  document.body.appendChild(im);
  return im;
}
img('https://hey.foodandmoarfood.repl.co/img/wheat.png');
```

Try that

tussiez

@Baconman321 EekChat is back!

tussiez

@tussiez works, check the Repl

Baconman321

@tussiez I made the web server tutorial!

tussiez

@Baconman321 Awesome!

CyberDaDev

When you open this on another tab it doesn't work

CyberDaDev

Hmmmm what you doing on the multiplayer test thing? @tussiez

HimanshuShekha4

I don't know man .. I am a Java guy

inyourface3445

i get an error when i try to join:

Error: ENOENT: no such file or directory, stat '/home/runner/EekChatlogin.html'

tussiez

@inyourface3445 Working on it!

tussiez

@inyourface3445 try: https://EekChat.tussiez.repl.co
However, this error pops up in Safari. Try Chrome

inyourface3445

@tussiez it still happens:

Error: ENOENT: no such file or directory, stat '/home/runner/EekChatlogin.html'

using chrome on a mac mini, also happens on firefox and safari and chromium

CyberDaDev

Yoo tussiez ya fixed it. I can help with the CSS I really got a good idea with the profile pic

tussiez

@CyberHacker101 Yay and sure!

CyberDaDev

Why do u keep leaving and coming? @tussiez

tussiez

@CyberHacker101 Replying to comments

ironblockhd

To fix impersonating, set socket.username as the username on the serverside, then you can just read it on every request instead of giving the client control over it

tussiez

@ironblockhd Did that yesterday :)

CyberDaDev

@tussiez @Baconman321 Ima work on the chat tomorrow

JBloves27

Pretty cool! But there is an error with the google login :(

CyberDaDev

@tussiez yoooooo I just noticed that ur profile pic looks like a deformed cat

tussiez

@CyberHacker101 It's wheat oof

CyberDaDev

I have been exposed. @tussiez DON'T TELL ANYONE OR YOU WILL HAVE 10 HARD LONG YEARS OF BAD LUCK YOU UNDERSTAND?!??!

tussiez

@CyberHacker101 What do you mean?

CyberDaDev

So I have been trying to clone Minecraft a billion times and after that many tries, I change each name @tussiez

CyberDaDev

wait a sec let me invite ya @tussiez

programmeruser

This can be spammed to [censored by @programmeruser] with devtools console:

```js
const socket = io();
Array(1000).fill(null).forEach((_, i) => socket.emit('msg', {
  name: 'Someone',
  profileImg: 'https://repl.it',
  msg: String(i + 1),
  time: 'Sorry (can you put a rate limit on msgs?)',
}));
```

tussiez

@programmeruser lol
Fixing right now, thanks for telling me about the hack!

Baconman321

@programmeruser That's why I now put everything in an anonymous function XD.

programmeruser

@Baconman321 you can just use the io() function to get a reference to a socket.

Baconman321

@programmeruser Can't they just use that then?

tussiez

@Baconman321 The anti-spam is server side

programmeruser

@tussiez

Date.now-sinceLastChat

Date.now() not Date.now

Baconman321

@tussiez Good idea. That way they can't tamper with it client side!

programmeruser

@Baconman321 it's so easy to impersonate people

```js
const socket = io();
socket.emit('msg', {
  name: "tussiez's testaccount",
  profileImg: 'https://lh6.googleusercontent.com/-dgT6Ex2alT0/AAAAAAAAAAI/AAAAAAAAAAA/AMZuuclrj2vdCjdQSgn1o71wgTFdbZZzdQ/s96-c/photo.jpg',
  msg: 'Hi there!',
  time: new Date().toLocaleString("en-US", {timeZone: "America/New_York"}),
});
```

tussiez

@Baconman321 You can impersonate people though, will be fixing that with sign on keys or something

tussiez

@programmeruser adding signon "keys" thanks again
It sounds sarcastic but this is super helpful

Baconman321

@programmeruser If he doesn't enforce strict checking (seeing if that user is in fact registered), then yeah it's quite easy. I don't think encrypting would do the trick, as people can just send the encrypted message. Might want to set a session token so as to make sure people don't impersonate you. That would require a bit of effort though...

Baconman321

@tussiez Like I mentioned to programmeruser, use session tokens and send that to server-side to make sure people can't impersonate you without the token.

programmeruser

@tussiez also, image xss:

```js
const socket = io();
socket.emit('msg', {
  name: "tussiez's testaccount",
  profileImg: 'https://repl.it/logout',
  msg: 'Hi there!',
  time: new Date().toLocaleString("en-US", {timeZone: "America/New_York"}),
});
```

Check the MIME type of the url:

```js
const url = 'https://repl.it/logout'; // or whatever the url is
(async () => {
  const res = await fetch(url);
  // A response without a Content-Type header is treated as "not an image"
  const type = res.headers.get('Content-Type') || '';
  if (type.indexOf('image/') === -1) alert('invalid url'); // or whatever
})();
```

tussiez

@Baconman321 Should be working now..Idk

programmeruser

@tussiez still insecure:

```js
const socket = io();
const key = Math.floor(Math.random() * 9999);
socket.on('goodtogo', code => {
  socket.emit('checkcode', {
    code,
    key,
    name: window.atob(window.location.href.split('?')[1].split('&')[1])
  });
  socket.emit('msg', {
    name: "tussiez's testaccount",
    profileImg: 'https://lh3.googleusercontent.com/a-/AOh14GiU7DtwESR0DLRj5aAkBn5DhacdE2HD5B-wMWEN=s96-c',
    msg: 'Hi There',
    time: (new Date()).toLocaleString('en-US', {timeZone: "America/New_York"}),
    key
  });
});
socket.emit('account', '');
```

tussiez

@programmeruser Maybe key isn't working, but it should be

tussiez

@tussiez Key is working now, try impersonating again
However, you can see session keys in chat.txt. I'll encrypt that soon.

tussiez

@tussiez Wait, I don't think so. Nevermind

inyourface3445

@programmeruser i managed to crash it with this bookmarklet:

```js
javascript: (function(){const socket = io(); Array(1000).fill(null).forEach((_,i) => socket.emit('msg', { name:'Someone', profileImg:'https://repl.it', msg:String(i+1), time: 'Sorry (can you put a rate limit on msgs?)', }));})();
```

programmeruser

@inyourface3445 that's the exact same thing that I posted before.

tussiez

@inyourface3445 Should only crash your client, but hmm

tussiez

@tussiez Does it work still?

tussiez

@programmeruser Lol, just in a bookmarklet

programmeruser

@tussiez impersonating still works.

programmeruser

@tussiez solution: use session cookies.

programmeruser

@tussiez also, I think I just broke the chat.

```js
const send = (msg, username) => socket.emit('msg', { msg, name: username, profileImg: '', time: '' });
socket.on('msg', msg => send('Beep boop! You said: ' + msg.msg, 'EekChat Bot #1'));
socket.on('msg', msg => send('Beep boop! You said: ' + msg.msg, 'EekChat Bot #2'));
```

tussiez

@programmeruser Absolutely no checks whatsoever! However these kinds of hacks can't really be "blocked"

tussiez

@tussiez You can only make it more difficult :/
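
The server-side checks proposed across this thread (a rate limit enforced on the server, a username bound to the connection instead of read from each message, and ignoring the client-supplied `profileImg` and `time` fields) fit into one message handler. This is an added example, not EekChat's code; `createChatGuard`, `authenticate`, `handleMessage`, the 500 ms interval, the 500-character limit and the `x-replit-user-name` header name are assumptions, and plain objects stand in for socket.io sockets.

```javascript
// Added example, not EekChat's code. Plain objects stand in for socket.io sockets.
const MIN_INTERVAL_MS = 500; // assumed limit: one message per 500 ms per connection
const MAX_MSG_LENGTH = 500;  // assumed maximum message length

// Escape characters the client would otherwise parse as HTML.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

function createChatGuard(now = Date.now) {
  // Per-connection state is kept on the server, keyed by the socket object.
  const sessions = new WeakMap();

  // Run once per connection. The username comes from the auth header set by
  // the platform's proxy (header name assumed), never from a client payload.
  function authenticate(socket, headers) {
    const username = headers['x-replit-user-name'];
    if (typeof username !== 'string' || username === '') return false;
    sessions.set(socket, { username, lastMessageAt: -Infinity });
    return true;
  }

  // Run for every 'msg' event. Returns the message to broadcast, or the
  // reason it was dropped.
  function handleMessage(socket, payload) {
    const session = sessions.get(socket);
    if (!session) return { ok: false, reason: 'unauthenticated' };

    const t = now(); // the clock is called here; elapsed time is t - lastMessageAt
    if (t - session.lastMessageAt < MIN_INTERVAL_MS) {
      return { ok: false, reason: 'rate-limited' };
    }

    const text = payload && payload.msg;
    if (typeof text !== 'string' || text.length === 0 || text.length > MAX_MSG_LENGTH) {
      return { ok: false, reason: 'invalid-message' };
    }
    session.lastMessageAt = t;

    // payload.name, payload.profileImg and payload.time are ignored on purpose:
    // name and time are set by the server, and no client-chosen image URL is
    // relayed for other users' browsers to fetch.
    return {
      ok: true,
      message: {
        name: session.username,
        msg: escapeHtml(text),
        time: new Date(t).toISOString(),
      },
    };
  }

  return { authenticate, handleMessage };
}

// Constructed demo: 1000 messages sent within one clock tick, as in the
// console snippet posted earlier in the thread. Returns how many get through.
function demoFlood() {
  const guard = createChatGuard(() => 1000);
  const socket = {};
  guard.authenticate(socket, { 'x-replit-user-name': 'alice' });
  let accepted = 0;
  for (let i = 0; i < 1000; i++) {
    if (guard.handleMessage(socket, { name: 'Someone', msg: String(i + 1) }).ok) accepted++;
  }
  return accepted;
}
```

In a socket.io server, `authenticate` would run in the connection handler with the handshake headers and `handleMessage` inside the `'msg'` listener, broadcasting only `result.message`.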

CyberDaDev

Y U DO DIS TO ME????