Bypassing Tinder's Paywall: Like people back that liked you.

on

TL;DR

You can automatically match with profiles that liked you on Tinder for free (tho not 100% of 'em). At the end of this post I attached a proof-of-concept python script you can use to try this out "Automated Script").

The Obstacle

Tinder includes the user id of a user in the url of all their photos. The user id is the only thing you need to send a like for that user to the server. Now there are two issues:

  1. The urls of blurred photos of the people that liked you use secondary, "shadow" user id. Maybe it's hashed, stretched, whatever. I wasn't (yet) able to dereference them. Although I recently wrote about how to unblurr those photos (also for free) in this previous post. But:
  2. the urls of the unblurred photos don't use the original user id either.

Hence by that approach it's not possible to see and like people that liked you on Tinder.

How to bypass it

Tinder shows you to kind of blurred image(s), they refer to them as teaser(s). The grid of blurred photos are the teasers "page". Those are the images I mentioned at The Obstacle. The single blurred image on top of your messages is a single teaser, it also shows a name. Funnily enough the name isn't the only thing setting this teaser profile apart from the rest. Besides the recenlty_active flag it also uses the original user id to fetch the image when you unblurr it (see my earlier mentioned previous post).

So you send a like request (which is a POST request to this urL: https://api.gotinder.com/like/user id?locale=en replace with actual user id) to the current teaser profile to create a match. Now you'll get a new teaser profile you can repeat that process on.

Limitations

Unfortunately the limitations are quite strong. I cannot test them further though, as my teaser profile doesn't change anymore:

  1. this method stopped working after 12 matches as the server delivers outdated information (profile I've already matched with),
  2. sometimes the server refreshes the teaser not in time, making the script fail,
  3. I believe sometimes the recently_active.image_url instead of teaser_url has to be used,
  4. it's not possible to choose who to match with. It's 100% sequential.

Automated Script

I again wrote a proof-of-concept python3 script that you can use to test this method. The error handling is a bit rough of course, I'll only wanted to demonstrate that it works and will leave it to somebody else to craft something more refined.

  1. find your X-AUTH-TOKEN, here's how: https://i.imgur.com/KTT78LK.png,
  2. download the script: https://pastebin.com/4xw7CehJ
  3. type this into your terminal/CMD/powershell: python ./match-maker.py YOUR-X-AUTH-TOKEN
  4. if the script fails/crashes try it again after 1min. If it still fails there is nothing I can do :(

If you keep Tinder open you'll see plenty matches plopping up. Quite entertaining!

Disclaimer

Keep in mind that this might not be to the liking of Tinder so they might block your account. Also I only tested it on a GNU/Linux computer.

submitted by /u/nachfarbensortiert
[link] [comments]

from hacking: security in practice https://ift.tt/eU7QHoj

Comments

Post a Comment