From 10b1d9c80f7c8c70f86f12c6ea4f0889651521bd Mon Sep 17 00:00:00 2001
From: Zed <zedeus@pm.me>
Date: Wed, 5 Feb 2025 19:03:47 +0100
Subject: [PATCH] Add Python script to create account sessions

---
 tools/get_session.py | 161 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 tools/get_session.py

diff --git a/tools/get_session.py b/tools/get_session.py
new file mode 100644
index 0000000..9ff704d
--- /dev/null
+++ b/tools/get_session.py
@@ -0,0 +1,161 @@
+#!/usr/bin/env python3
+import requests
+import json
+import sys
+import pyotp
+
+# NOTE: pyotp and requests are dependencies
+# > pip install pyotp requests
+
+TW_CONSUMER_KEY = '3nVuSoBZnx6U4vzUxf5w'
+TW_CONSUMER_SECRET = 'Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys'
+
+def auth(username, password, otp_secret):
+    bearer_token_req = requests.post("https://api.twitter.com/oauth2/token",
+        auth=(TW_CONSUMER_KEY, TW_CONSUMER_SECRET),
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        data='grant_type=client_credentials'
+    ).json()
+    bearer_token = ' '.join(str(x) for x in bearer_token_req.values())
+
+    guest_token = requests.post(
+        "https://api.twitter.com/1.1/guest/activate.json",
+        headers={'Authorization': bearer_token}
+    ).json().get('guest_token')
+
+    if not guest_token:
+        print("Failed to obtain guest token.")
+        sys.exit(1)
+
+    twitter_header = {
+        'Authorization': bearer_token,
+        "Content-Type": "application/json",
+        "User-Agent": "TwitterAndroid/10.21.0-release.0 (310210000-r-0) ONEPLUS+A3010/9 (OnePlus;ONEPLUS+A3010;OnePlus;OnePlus3;0;;1;2016)",
+        "X-Twitter-API-Version": '5',
+        "X-Twitter-Client": "TwitterAndroid",
+        "X-Twitter-Client-Version": "10.21.0-release.0",
+        "OS-Version": "28",
+        "System-User-Agent": "Dalvik/2.1.0 (Linux; U; Android 9; ONEPLUS A3010 Build/PKQ1.181203.001)",
+        "X-Twitter-Active-User": "yes",
+        "X-Guest-Token": guest_token,
+        "X-Twitter-Client-DeviceID": ""
+    }
+
+    session = requests.Session()
+    session.headers = twitter_header
+
+    task1 = session.post(
+        'https://api.twitter.com/1.1/onboarding/task.json',
+        params={
+            'flow_name': 'login',
+            'api_version': '1',
+            'known_device_token': '',
+            'sim_country_code': 'us'
+        },
+        json={
+            "flow_token": None,
+            "input_flow_data": {
+                "country_code": None,
+                "flow_context": {
+                    "referrer_context": {
+                        "referral_details": "utm_source=google-play&utm_medium=organic",
+                        "referrer_url": ""
+                    },
+                    "start_location": {
+                        "location": "deeplink"
+                    }
+                },
+                "requested_variant": None,
+                "target_user_id": 0
+            }
+        }
+    )
+
+    session.headers['att'] = task1.headers.get('att')
+
+    task2 = session.post(
+        'https://api.twitter.com/1.1/onboarding/task.json',
+        json={
+            "flow_token": task1.json().get('flow_token'),
+            "subtask_inputs": [{
+                "enter_text": {
+                    "suggestion_id": None,
+                    "text": username,
+                    "link": "next_link"
+                },
+                "subtask_id": "LoginEnterUserIdentifier"
+            }]
+        }
+    )
+
+    task3 = session.post(
+        'https://api.twitter.com/1.1/onboarding/task.json',
+        json={
+            "flow_token": task2.json().get('flow_token'),
+            "subtask_inputs": [{
+                "enter_password": {
+                    "password": password,
+                    "link": "next_link"
+                },
+                "subtask_id": "LoginEnterPassword"
+            }],
+        }
+    )
+
+    for t3_subtask in task3.json().get('subtasks', []):
+        if "open_account" in t3_subtask:
+            return t3_subtask["open_account"]
+        elif "enter_text" in t3_subtask:
+            response_text = t3_subtask["enter_text"]["hint_text"]
+            totp = pyotp.TOTP(otp_secret)
+            generated_code = totp.now()
+            task4resp = session.post(
+                "https://api.twitter.com/1.1/onboarding/task.json",
+                json={
+                    "flow_token": task3.json().get("flow_token"),
+                    "subtask_inputs": [
+                        {
+                            "enter_text": {
+                                "suggestion_id": None,
+                                "text": generated_code,
+                                "link": "next_link",
+                            },
+                            "subtask_id": "LoginTwoFactorAuthChallenge",
+                        }
+                    ],
+                }
+            )
+            task4 = task4resp.json()
+            for t4_subtask in task4.get("subtasks", []):
+                if "open_account" in t4_subtask:
+                    return t4_subtask["open_account"]
+
+    return None
+
+if __name__ == "__main__":
+    if len(sys.argv) != 5:
+        print("Usage: python3 get_session.py <username> <password> <2fa secret> <path>")
+        sys.exit(1)
+
+    username = sys.argv[1]
+    password = sys.argv[2]
+    otp_secret = sys.argv[3]
+    path = sys.argv[4]
+
+    result = auth(username, password, otp_secret)
+    if result is None:
+        print("Authentication failed.")
+        sys.exit(1)
+
+    session_entry = {
+        "oauth_token": result.get("oauth_token"),
+        "oauth_token_secret": result.get("oauth_token_secret")
+    }
+
+    try:
+        with open(path, "a") as f:
+            f.write(json.dumps(session_entry) + "\n")
+        print("Authentication successful. Session appended to", path)
+    except Exception as e:
+        print(f"Failed to write session information: {e}")
+        sys.exit(1)