The latest articles on DEV Community by marbad1994 (@marbad1994). https://dev.to/marbad1994 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F524088%2Fc4ba7ef4-6cf2-45df-bcf3-7941deefbecc.jpg https://dev.to/marbad1994 en marbad1994 Sat, 30 May 2026 22:59:56 +0000 https://dev.to/marbad1994/i-accidentally-hacked-claudes-api-42c https://dev.to/marbad1994/i-accidentally-hacked-claudes-api-42c <p>I was using <a href="https://cline.bot" rel="noopener noreferrer">Cline</a>. Great tool, genuinely — but it eats tokens like nothing else and I needed something leaner. So I started building my own. While doing that I noticed Cline accepts the Codex authentication from ChatGPT. So if it's actually possible to authenticate the <a href="https://openai.com" rel="noopener noreferrer">Codex</a> API through <a href="https://chatgpt.com" rel="noopener noreferrer">ChatGPT</a> login… then I must do it. I honestly can't help myself, it felt like a mockery from Cline.</p> <p>Codex was not a challenge. Websockets wide open. It's like leaving your front door unlocked in Rio de Janeiro and going on vacation. Full control flow in no time. My ego was in good shape.</p> <p>So I went for <a href="https://anthropic.com" rel="noopener noreferrer">Claude</a>.</p> <p>I did my research, found that someone had done it before, and then found out Anthropic had shut it down. A handful of tools on GitHub broke overnight. I tried for a while and gave up. Anthropic won that round. Especially because I spent more time than I am willing to admit before doing any research.</p> <p>Then Codex quietly patched their exploit too. So now I had nothing.</p> <p>A few weeks later I hadn't slept properly in days and I was convinced I had malware. I know that's probably just what sleep deprivation does to you. I did it anyway. Went through every process, every port, every log file I'd never looked at before. And when I'd exhausted everything else there was still traffic I couldn't account for.</p> <p>Then I started thinking I need to know what these fellows are talking about. It's clearly CIA or the Chinese. Maybe they're working together!</p> <p><em>…Turns out it was Claude Desktop.</em></p> <p>I couldn't back down from this fight, not after the last fiasco. But QUIC streams, the fuck is that? Good thing I hadn't read up on the latest IP protocols. So naturally I am thinking "how hard can it be?". It was quite hard but not nearly hard enough to be deemed secure. Once I finished that's when it hit me: I should probably have checked the Claude CLI traffic. And it was just stupid TCP, took like 10 minutes to crack that case.</p> <p>I didn't plan any of this. If you want to poke around, the repo is <a href="https://github.com/marbad1994/anthprox-makk-gpt" rel="noopener noreferrer">here</a>.</p> <p><strong>1-1</strong> <a href="https://anthropic.com" rel="noopener noreferrer">Anthropic</a>. It was a fair match.</p> <p>Then I went <strong>2 for 2</strong> on Codex. It's starting to feel like <em>bullying</em>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqilcjwqrb4reqs2wa0v0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqilcjwqrb4reqs2wa0v0.png" alt="Feasting off of that affirmation i desperatly need" width="800" height="1278"></a></p> security showdev ai python