/NoSession

NoSession: Security done right

Primary LanguageJavaMIT LicenseMIT

NoSession

modrinth badgemodrinth badge
curseforge badge
downloads
NoSession is a mod that protects your session ID.

Does this make me perfectly safe?

This mod doesn't make you 100% safe, but it makes it much harder to steal your session token. If you want to stay perfectly safe, look at the staying safe section

Staying Safe

In order to work around an unpatchable security vulnerability, rename the NoSession jar to !.jar, so it can load its protection before any other mods.
This only protects you from other mods. There are fake verification sites that can steal your session ID through that method.
Don't log in with Microsoft OAuth to anything except maybe your Minecraft launcher. You may also want to verify the signature on any NoSession binary. It's signed with pandaninjas' PGP key if the release is v1.1.0 or earlier, and signed with this key if the release is later than v1.1.0

See Angry_Pinapple's Hypixel forum post for more information

Support

Support is provided in The Fight Against Malware's discord server

Bug bounty

See SECURITY.md

Features

  • Does not break existing token login methods

Contributing

All pushes to the main branch must be signed with a cryptographic key. See https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key and https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account for how