Exploiting the fact that any account doesn't require any email confermation and using fuzzed device/account infos, making two requests (one for registering the account and the other one to reedem the code) gets unlimited coupons.
24/08/2019 Update: McD updated their backend, so this PoC is no longer working.
- Python >= 3.7
- Java >= 8
- Install requests using
pip3 install requests --user
Run via python3 mcfux.py
It opens a webserver on 127.0.0.1:8081 where you can get a coupon code (15916) as proof of the generation.
- Make this work with the new >=2.0 McD app update
- Rewrite the x-plexure-api-key generaton in Python
An updated version of this PoC will be done eventually.
Is a PoC not inteded to harm/be used in any circumstances other than testing. I take no responsibilities for any usage of this code. It was fun to make, that's it.