Skip to content

Instantly share code, notes, and snippets.

@CypherpunkSamurai

CypherpunkSamurai/terabox-web-api.md

Created November 18, 2021 20:53
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save CypherpunkSamurai/58d8f2b669e101e893a6ecf3d3938412 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save CypherpunkSamurai/58d8f2b669e101e893a6ecf3d3938412 to your computer and use it in GitHub Desktop.
Download ZIP
Reverse Engineering Terabox
Raw
terabox-web-api.md

Upload a File

curl "https://www.terabox.com/api/precreate?channel=dubox&web=1&app_id=250528&clienttype=0&bdstoken=49785c4158da93b4ed3d7619c49e76a4" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: application/json, text/javascript, */*; q=0.01" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" -H "X-Requested-With: XMLHttpRequest" -H "Origin: https://www.terabox.com" -H "Connection: keep-alive" -H "Referer: https://www.terabox.com/disk/home" -H "Cookie: browserid=DC92xGMqqIx7bbsfHbUrfJcTjCaM5UYN1RIM7hryxTb6S84rwr2RkY2N-Ss=; lang=en_US; G_ENABLED_IDPS=google; __stripe_mid=db6a0f0a-8f8c-41e6-93f5-d92c8849f31653ae5c; ndus=YSJIa8TteHuiIVhhRNQKVCcBfa_BEOLXWdUkmu3w; PANWEB=1" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-origin" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache" --data-raw "path="%"2Ftest2.txt&autoinit=1&target_path="%"2F&block_list="%"5B"%"225910a591dd8fc18c32a8f3df4fdc1761"%"22"%"5D&local_mtime=1637268601"

curl "https://c-all.terabox.com/rest/2.0/pcs/superfile2?method=upload&app_id=250528&channel=dubox&clienttype=0&web=1&path="%"2Ftest2.txt&uploadid=N1-NDIuMTEwLjEyOC43OjE2MzcyNjg2MDc6NTU1MjMyODk4NDkxNzg5ODA0&uploadsign=0&partseq=0" -X OPTIONS -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: */*" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Access-Control-Request-Method: POST" -H "Referer: https://www.terabox.com/" -H "Origin: https://www.terabox.com" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-site" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache"
curl "https://c-all.terabox.com/rest/2.0/pcs/superfile2?method=upload&app_id=250528&channel=dubox&clienttype=0&web=1&path="%"2Ftest2.txt&uploadid=N1-NDIuMTEwLjEyOC43OjE2MzcyNjg2MDc6NTU1MjMyODk4NDkxNzg5ODA0&uploadsign=0&partseq=0" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: */*" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Content-Type: multipart/form-data; boundary=---------------------------36090081722035748343393853072" -H "Origin: https://www.terabox.com" -H "Connection: keep-alive" -H "Referer: https://www.terabox.com/" -H "Cookie: browserid=DC92xGMqqIx7bbsfHbUrfJcTjCaM5UYN1RIM7hryxTb6S84rwr2RkY2N-Ss=; ndus=YSJIa8TteHuiIVhhRNQKVCcBfa_BEOLXWdUkmu3w" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-site" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache" --data-binary "-----------------------------36090081722035748343393853072"^

"Content-Disposition: form-data; name=""file""; filename=""blob"""^

"Content-Type: application/octet-stream"^

""^

"-----------------------------36090081722035748343393853072--"^

""
curl "https://www.terabox.com/api/create?isdir=0&rtype=1&channel=dubox&web=1&app_id=250528&clienttype=0&bdstoken=49785c4158da93b4ed3d7619c49e76a4" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: application/json, text/javascript, */*; q=0.01" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" -H "X-Requested-With: XMLHttpRequest" -H "Origin: https://www.terabox.com" -H "Connection: keep-alive" -H "Referer: https://www.terabox.com/disk/home" -H "Cookie: browserid=DC92xGMqqIx7bbsfHbUrfJcTjCaM5UYN1RIM7hryxTb6S84rwr2RkY2N-Ss=; lang=en_US; G_ENABLED_IDPS=google; __stripe_mid=db6a0f0a-8f8c-41e6-93f5-d92c8849f31653ae5c; ndus=YSJIa8TteHuiIVhhRNQKVCcBfa_BEOLXWdUkmu3w; PANWEB=1" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-origin" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache" --data-raw "path="%"2Ftest2.txt&size=19&uploadid=N1-NDIuMTEwLjEyOC43OjE2MzcyNjg2MDc6NTU1MjMyODk4NDkxNzg5ODA0&target_path="%"2F&block_list="%"5B"%"22a5890ace30a3e84d9118196c161aeec2"%"22"%"5D&local_mtime=1637268601"

List

curl "https://www.terabox.com/api/list?order=time&desc=1&showempty=0&web=1&page=1&num=100&dir="%"2F&t=0.09737982273278334&channel=dubox&web=1&app_id=250528&clienttype=0&bdstoken=49785c4158da93b4ed3d7619c49e76a4" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: application/json, text/javascript, */*; q=0.01" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "X-Requested-With: XMLHttpRequest" -H "Connection: keep-alive" -H "Referer: https://www.terabox.com/disk/home" -H "Cookie: browserid=DC92xGMqqIx7bbsfHbUrfJcTjCaM5UYN1RIM7hryxTb6S84rwr2RkY2N-Ss=; lang=en_US; G_ENABLED_IDPS=google; __stripe_mid=db6a0f0a-8f8c-41e6-93f5-d92c8849f31653ae5c; ndus=YSJIa8TteHuiIVhhRNQKVCcBfa_BEOLXWdUkmu3w; PANWEB=1" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-origin" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache"

Checks

curl "https://www.terabox.com/api/quota?checkexpire=1&checkfree=1&channel=dubox&web=1&app_id=250528&clienttype=0&bdstoken=49785c4158da93b4ed3d7619c49e76a4" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" -H "Accept: application/json, text/javascript, */*; q=0.01" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "X-Requested-With: XMLHttpRequest" -H "Connection: keep-alive" -H "Referer: https://www.terabox.com/disk/home" -H "Cookie: browserid=DC92xGMqqIx7bbsfHbUrfJcTjCaM5UYN1RIM7hryxTb6S84rwr2RkY2N-Ss=; lang=en_US; G_ENABLED_IDPS=google; __stripe_mid=db6a0f0a-8f8c-41e6-93f5-d92c8849f31653ae5c; ndus=YSJIa8TteHuiIVhhRNQKVCcBfa_BEOLXWdUkmu3w; PANWEB=1" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: same-origin" -H "DNT: 1" -H "Sec-GPC: 1" -H "Pragma: no-cache" -H "Cache-Control: no-cache"
@realmCode
Copy link

realmCode commented Jul 5, 2025

Use HTTP Toolkit or Fiddler or Mitmproxy.

On Sat, 5 Jul, 2025, 10:55 am N C, @.> wrote: @.* commented on this gist. ------------------------------ @CypherpunkSamurai https://github.com/CypherpunkSamurai hey , can you please share: how to create a new app ? I just need a client_id/app_id to use the Terabox API. I cannot find the section where i can register a new app Thanks, appreciated client id and app id are extracted from terabox web app. login to terabox web with network tab on the right to see how the requests work. I tried to reverse engineer it but it redirects to about:blank, I am unable to overide such part of js i tried to find anti debugging parts of code but failed. Any sol? — Reply to this email directly, view it on GitHub https://gist.github.com/CypherpunkSamurai/58d8f2b669e101e893a6ecf3d3938412#gistcomment-5664040 or unsubscribe https://github.com/notifications/unsubscribe-auth/AP6OSITUH6KXEAZPHWY352T3G5OS5BFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTCMZRGIZDCMJRU52HE2LHM5SXFJTDOJSWC5DF . You are receiving this email because you were mentioned. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub .

I thought of that, but was confused if some values are generated by js challenges. I am trying now by http toolkit.

@realmCode
Copy link

realmCode commented Jul 5, 2025

image
My expectation was correct, login with user and pass has js based generation. So debugging is needed.

@CypherpunkSamurai
Copy link
Author

CypherpunkSamurai commented Sep 17, 2025
edited
Loading

i think they added this components later on. these were not present when i reverse engineered it.

I don't use terabox much, and dont really have time to reverse engineer the api. I'll update if i do tbh.

@realmCode
Copy link

realmCode commented Sep 17, 2025

i think they added this components later on. these were not present when i reverse engineered it.

I don't use terabox much, and dont really have time to reverse engineer the api. I'll update if i do tbh.

Nvm, i reversed all js and everything now getting unlimited download speed. For test https://t.me/dlteraxbot

@CypherpunkSamurai
Copy link
Author

CypherpunkSamurai commented Sep 18, 2025 via email

@realmCode
Copy link

realmCode commented Sep 24, 2025
edited
Loading

Would you mind open-sourcing it? gist is fine for less attention. a whole github repo pulls more attention. reply with the gist id here if you dont want it google indexed. just for future reference.

On Wed, Sep 17, 2025 at 6:59 PM N C @.> wrote: @.* commented on this gist. ------------------------------ i think they added this components later on. these were not present when i reverse engineered it. I don't use terabox much, and dont really have time to reverse engineer the api. I'll update if i do tbh. Nvm, i reversed all js and everything now getting unlimited download speed. For test https://t.me/dlteraxbot — Reply to this email directly, view it on GitHub https://gist.github.com/CypherpunkSamurai/58d8f2b669e101e893a6ecf3d3938412#gistcomment-5763288 or unsubscribe https://github.com/notifications/unsubscribe-auth/AP6OSIWO6GS3ERQD5GYWSIL3TFOZZBFHORZGSZ3HMVZKMY3SMVQXIZNMON2WE2TFMN2F65DZOBS2WR3JON2EG33NNVSW45FGORXXA2LDOOIYFJDUPFYGLJDHNFZXJJLWMFWHKZNJGEYTGMJSGIYTCMNKMF2HI4TJMJ2XIZLTSOBKK5TBNR2WLKJRHA2DIMBTGMYDRJDOMFWWLKDBMN2G64S7NFSIFJLWMFWHKZNEORZHKZNENZQW2ZN3ORUHEZLBMRPXAYLSORUWG2LQMFXHIX3BMN2GS5TJOR4YFJLWMFWHKZNEM5UXG5FENZQW2ZNLORUHEZLBMRPXI6LQMU . You are receiving this email because you authored the thread. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub .
-- Signed-Off By: Rakesh Chowdhury

Can;t due to cnd, it has reversing and breaking parts. You can talk to me incase. Also other insecurity is I have the only source that is working, even i saw and contacted all top seo sites for downloading.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment