DEV Community

marbad1994

I Accidentally Hacked Claude's API

I was using Cline. Great tool, genuinely — but it eats tokens like nothing else and I needed something leaner. So I started building my own. While doing that I noticed Cline accepts the Codex authentication from ChatGPT. So if it's actually possible to authenticate the Codex API through ChatGPT login… then I must do it. I honestly can't help myself, it felt like a mockery from Cline.

Codex was not a challenge. Websockets wide open. It's like leaving your front door unlocked in Rio de Janeiro and going on vacation. Full control flow in no time. My ego was in good shape.

So I went for Claude.

I did my research, found that someone had done it before, and then found out Anthropic had shut it down. A handful of tools on GitHub broke overnight. I tried for a while and gave up. Anthropic won that round. Especially because I spent more time than I am willing to admit before doing any research.

Then Codex quietly patched their exploit too. So now I had nothing.

A few weeks later I hadn't slept properly in days and I was convinced I had malware. I know that's probably just what sleep deprivation does to you. I did it anyway. Went through every process, every port, every log file I'd never looked at before. And when I'd exhausted everything else there was still traffic I couldn't account for.

Then I started thinking I need to know what these fellows are talking about. It's clearly CIA or the Chinese. Maybe they're working together!

…Turns out it was Claude Desktop.

I couldn't back down from this fight, not after the last fiasco. But QUIC streams, the fuck is that? Good thing I hadn't read up on the latest IP protocols. So naturally I am thinking "how hard can it be?" It was quite hard but not nearly hard enough to be deemed secure. Once I finished that's when it hit me: I should probably have checked the Claude CLI traffic. And it was just stupid TCP, took like 10 minutes to crack that case.

I didn't plan any of this. If you want to poke around, the repo is here.

1-1 Anthropic. It was a fair match.

Then I went 2 for 2 on Codex. It's starting to feel like bullying.

Feasting off of that affirmation I desperately need

Top comments (1)

marbad1994

Before anyone whines about the code being written by a robot: my interest rapidly decreases once I've solved the actual problem. Then it's shmakk's problem. More about that in another post.