Proof of concept for a Tinder API vulnerability.
APACHE-2.0 License
This is a little script that automates Tinder swiping to match with profiles that liked you. It follows details laid out in Sanskar Jethi's Medium post about a Tinder API vulnerability.
This has been tested only in Python 3.7.3. It might work with previous or later version of Python, but I haven't tested them.
Pretinder finds all the pics from the profiles in your "Likes" deck that appears blurred to non-Premium users. It then cycles through your recommendations deck, comparing each picture via the cross-correlation template match function from OpenCV to each "Who liked you" picture. If there's an image match, Pretinder swipes right. If none of the pictures in the profile matches, Pretinder swipes left. Pretinder also accepts an argument to set the proportion of random right swipes on profiles. Finally, a right_swipe_limit
is randomly set ranging between 20 to 30 to prevent you from maxing out your right swipes.
virtualenv name_of_your_venv
.source name_of_your_venv/bin/activate
.pip install -r req.txt
.https://api.gotinder.com/like/
followed by a string of random characters.python Main.py "X-Auth-Token_here" "random_right"
, where random_right
is the proportion of random right swipes you want. If no argument is given to random_right
, it defaults to 0.2, or 20%. Alternatively, edit and run demo_run.sh
following the instructions inside.You might come across an error looking something like:
File "Main.py", line 145, in <module>
unblurred_img = unblur_image(headers)
File "Main.py", line 36, in unblur_image
assert response.status_code == 200, "GET failed, check auth_token"
AssertionError: GET failed, check auth_token
This means your X-Auth-Token has expired and you'll need to fetch a new one (see Step 5 of Installation above).