backpack.scratch.mit.edu

BluePixelLOLLL

How come when I go to backpack.scratch.mit.edu it shows this:

BluePixelLOLLL

Bump

-Zorra-

I'm fairly sure nobody except for whichever developer programmed it knows the actual the answer to this. Backpacks.scratch.mit.edu is for fetching a user's backpack contents, and the ghost emoji was probably just a placeholder.

Zydrolic

Tiny little easter egg (i think). If you want to fetch items from the backpack, the URL should be https://backpack.scratch.mit.edu/USERNAME?limit=LIMITHERE&offset=0
Not sure how you'd get it to not be forbidden (probably with sessionid and csrftoken but don't take my word) so don't ask me on that
EDIT: ninja'd (kinda)

Last edited by Zydrolic (July 3, 2024 19:50:10)

starlightsparker

Zydrolic wrote:
Tiny little easter egg (i think). If you want to fetch items from the backpack, the URL should be https://backpack.scratch.mit.edu/USERNAME?limit=LIMITHERE&offset=0
Not sure how you'd get it to not be forbidden (probably with sessionid and csrftoken but don't take my word) so don't ask me on that
EDIT: ninja'd (kinda)

Are you saying it’s possible to see other people’s backpack items? I remember seeing someone say they keep credit card numbers or something in their backpack- if anyone can see them, then scratch should clarify that

BluePixelLOLLL

starlightsparker wrote:
I remember seeing someone say they keep credit card numbers or something in their backpack-

That's stupid.

That person is gonna take a big L if:

if <[got hacked?] = [yes]> then
$ Balance: $00.00 ::operators
end

(NOT UNRELATED SCRATCHBLOCKS)
Its even worse that they told everyone.

Last edited by BluePixelLOLLL (July 3, 2024 20:10:30)

ilovestories

starlightsparker wrote:
Are you saying it’s possible to see other people’s backpack items? I remember seeing someone say they keep credit card numbers or something in their backpack- if anyone can see them, then scratch should clarify that

Result of going to that URL (with my backpack, don't worry):

{"code":"Forbidden","message":""}

starlightsparker

BluePixelLOLLL wrote:
starlightsparker wrote:
I remember seeing someone say they keep credit card numbers or something in their backpack-
That's stupid.

That person is gonna take a big L if:
if <[got hacked?] = [yes]> then
$ Balance: $00.00 ::operators
end
(NOT UNRELATED SCRATCHBLOCKS)
Its even worse that they told everyone.

Yeah, I know, but still- if it were public it should be clarified.

Zydrolic

starlightsparker wrote:
(#5)
Are you saying it’s possible to see other people’s backpack items? I remember seeing someone say they keep credit card numbers or something in their backpack- if anyone can see them, then scratch should clarify that

No. Unless you have the required data for the API request, it isn't. I'm not sure of the conditions for the request either. You get 403'd (“Forbidden”) if you just go to the URL or have incorrect data for the request.
EDIT: It's achieved with a post request though iirc

Last edited by Zydrolic (July 10, 2024 13:34:50)

ajskateboarder

A little fooling around

starlightsparker wrote:
Zydrolic wrote:
Tiny little easter egg (i think). If you want to fetch items from the backpack, the URL should be https://backpack.scratch.mit.edu/USERNAME?limit=LIMITHERE&offset=0
Not sure how you'd get it to not be forbidden (probably with sessionid and csrftoken but don't take my word) so don't ask me on that
EDIT: ninja'd (kinda)
Are you saying it’s possible to see other people’s backpack items? I remember seeing someone say they keep credit card numbers or something in their backpack- if anyone can see them, then scratch should clarify that

No, you can't

BluePixelLOLLL

I forgot this

Discuss Scratch