How users are getting free access to GPT-4?!
What is Poe
Poe is this sick platform by Quora that lets you chat with some advanced AI bots like OpenAI’s ChatGPT and GPT-4, and even Anthropic’s Claude. These are like, the most advanced language models out there, and they can generate text on literally anything you throw at them.
But here’s the catch: Poe ain’t free, my dudes. You have to spend some cash every month to use all its features.
That’s why some smart cookies have found a way to get their hands on Poe’s features without spending anything at all lol. They’re doing it by reverse engineering the API, so they can make Poe think they’re paying customers and unlock all the goodies for free.
In this blog post, I’m gonna show you how these hackers are pulling it off. But I’ll also tell you why it’s not a great idea and what kind of trouble you could get into if you try it yourself.
What is Reverse Engineering?
Reverse engineering is when you take apart a system or a product to figure out how it works and how it was made. You can use it for all sorts of things, like learning, improving, modifying, or copying stuff.
When it comes to Poe, reverse engineering means snooping on the messages that go back and forth between Poe and the devices that use it. The API is like a set of rules that tells how the messages should look, what info they need, and what actions they can do. The API also uses some security stuff to make sure only legit users can access Poe’s features.
By reverse engineering the API, you can make your own tools or libraries that can use Poe’s features for free, without paying for a subscription. These tools or libraries pretend to be the real Poe app or website, but they sneak past the security checks. They also let you tweak the settings and options of the API calls, like which model to request, what to say, how long the response should be, or what device ID to use.
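The flip side, as an added example (not Poe's code, and not from the original post): unofficial clients only get paid features if the server believes what the request says about itself. The sketch below decides a `sendMessage` call purely from server-side records; every name in it (`SESSIONS`, `PLANS`, `BOT_TIER`, `authorize_send_message`, the bot IDs) is hypothetical and the data is constructed.

```python
from dataclasses import dataclass

# Constructed sample data: server-side records, never read from the request.
SESSIONS = {"tok-free": "acct-1", "tok-paid": "acct-2"}        # session token -> account
PLANS = {"acct-1": "free", "acct-2": "subscriber"}             # account -> plan
BOT_TIER = {"bot_basic": "free", "bot_premium": "subscriber"}  # bot -> minimum plan
DAILY_QUOTA = {"free": 2, "subscriber": 100}
PLAN_RANK = {"free": 0, "subscriber": 1}


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize_send_message(token, bot_id, client_claims, usage):
    """Decide whether a sendMessage call may run.

    client_claims is whatever the caller put in the request (plan, device ID,
    and so on). It is kept for logging only and never used for the decision.
    usage maps account -> messages sent today and is updated on success.
    """
    account = SESSIONS.get(token)
    if account is None:
        return Decision(False, "unknown session")
    required = BOT_TIER.get(bot_id)
    if required is None:
        return Decision(False, "unknown bot")
    plan = PLANS[account]
    if PLAN_RANK[plan] < PLAN_RANK[required]:
        return Decision(False, "plan does not include this bot")
    # The quota is keyed by account, so a new device ID does not reset it.
    if usage.get(account, 0) >= DAILY_QUOTA[plan]:
        return Decision(False, "daily quota reached")
    usage[account] = usage.get(account, 0) + 1
    return Decision(True, "ok")
```
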
How People are Hacking Poe’s API?
To hack Poe’s API, you need to use some tools and skills to spy on and mess with the messages that Poe sends and receives. Here are the basic steps:
1. Log into Poe on any desktop web browser, then open your browser’s developer tools (also known as “inspect”) and look for the value of the p-b cookie in the following menus:
- Chromium: Devtools > Application > Cookies > poe.com
- Firefox: Devtools > Storage > Cookies
- Safari: Devtools > Storage > Cookies
This cookie has your token, which is a secret code that tells Poe who you are. You’ll need this token later to send messages to Poe.
2. Install a tool like Wireshark, Fiddler, or Burp Suite on your device. These tools can spy on and change the messages that Poe sends and receives. You can also use them to repeat or test the messages.
3. Set up your tool to watch the messages between your browser and Poe. You might need to change some settings or install some files on your device to do this. Check the instructions of your tool for more details.
4. Start watching the messages and filter them by poe.com. You should see some messages that look like this:
```
POST /api/graphql HTTP/1.1
Host: poe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Content-Type: application/json
Accept: */*
Origin: https://poe.com
Referer: https://poe.com/
Cookie: p-b=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Length: 123

{
  "query": "query GetBots {\n bots {\n id\n name\n description\n icon\n }\n}",
  "variables": null,
  "operationName": "GetBots"
}
```
These are examples of GraphQL messages, which is the language that Poe uses for its API. You can learn more about GraphQL here: https://graphql.org/
5. Study the messages to understand how the API works. You can use tools like Postman, curl, or Python requests to send and receive messages to Poe. You can also use tools like GraphiQL or GraphQL Playground to explore the API structure and documentation.
For example, you can use Postman to send a message like this:
```
POST https://poe.com/api/graphql
Content-Type: application/json
Cookie: p-b=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

{
  "query": "mutation SendMessage($botId: ID!, $message: String!) {\n sendMessage(botId: $botId, message: $message) {\n id\n content\n createdAt\n }\n}",
  "variables": {
    "botId": "bot_1",
    "message": "hi there who are you?"
  },
  "operationName": "SendMessage"
}
```
And get a response like this:
```
{
  "data": {
    "sendMessage": {
      "id": "msg_1",
      "content": "Hello! I'm ChatGPT, a friendly chatbot powered by OpenAI's ChatGPT model.",
      "createdAt": "2023-07-01T01:02:25.123Z"
    }
  }
}
```
This request sends a message to the bot with the ID bot_1, which is ChatGPT, and gets a response from the bot. You can see the parameters and fields that are needed and returned by the API.
6. Repeat steps 4 and 5 for different messages, like creating or editing bots, deleting messages, purging conversations, etc. You can also use different bots or messages to see how they affect the results.
You can even use Python to write a tool like this:
```python
import requests


class PoeTool:
    def __init__(self, token):
        # token is the value of the p-b session cookie
        self.token = token
        self.base_url = "https://poe.com/api/graphql"
        self.headers = {
            "Content-Type": "application/json",
            "Cookie": f"p-b={token}",
        }

    def send_message(self, bot_id, message):
        # GraphQL mutation with the same shape as the SendMessage request above
        query = """
        mutation SendMessage($botId: ID!, $message: String!) {
          sendMessage(botId: $botId, message: $message) {
            id
            content
            createdAt
          }
        }
        """
        variables = {"botId": bot_id, "message": message}
        data = {
            "query": query,
            "variables": variables,
            "operationName": "SendMessage",
        }
        response = requests.post(self.base_url, json=data, headers=self.headers)
        return response.json()
```
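What this kind of traffic looks like from the service's side, as an added example that is not part of the original post: a script built on `requests` that sets only the `Content-Type` and `Cookie` headers sends the library's default `python-requests/...` User-Agent. The sketch flags sessions by client type, IP spread, and request rate; the event tuples, the `analyze` function, and the threshold are all constructed for illustration.

```python
from collections import Counter, defaultdict

BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/92.0.4515.107"

# Constructed sample events: (epoch_seconds, session_id, client_ip, user_agent).
# session_id stands for a server-side hash of the session cookie, not the raw value.
EVENTS = [
    (1000, "s1", "203.0.113.5", BROWSER),
    (1030, "s1", "203.0.113.5", BROWSER),
    (1000, "s2", "198.51.100.7", BROWSER),
    (1005, "s2", "192.0.2.44", "python-requests/2.31.0"),
    (1006, "s2", "192.0.2.44", "python-requests/2.31.0"),
] + [(2000 + i, "s3", "203.0.113.9", BROWSER) for i in range(6)]


def analyze(events, max_per_minute):
    """Return {session_id: sorted list of reasons} for sessions worth triaging."""
    ips, agents, per_minute = defaultdict(set), defaultdict(set), Counter()
    for ts, session, ip, ua in events:
        ips[session].add(ip)
        agents[session].add(ua)
        per_minute[(session, ts // 60)] += 1  # fixed one-minute buckets

    findings = defaultdict(set)
    for session, seen in agents.items():
        # Browsers send a User-Agent that starts with "Mozilla/".
        if any(not ua.startswith("Mozilla/") for ua in seen):
            findings[session].add("non-browser client")
    for session, seen in ips.items():
        # Noisy on its own (mobile networks); useful combined with other signals.
        if len(seen) > 1:
            findings[session].add("multiple client IPs")
    for (session, _), count in per_minute.items():
        if count > max_per_minute:
            findings[session].add("request rate above limit")
    return {session: sorted(reasons) for session, reasons in findings.items()}


if __name__ == "__main__":
    for session, reasons in sorted(analyze(EVENTS, max_per_minute=5).items()):
        print(session, reasons)
```
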
Why You Probably Shouldn’t Hack Poe’s API
Okay, so I know hacking Poe’s API might seem like a thrilling challenge, and you might be tempted to try it just for the sake of curiosity or bragging rights. But let’s be real, it’s not a smart move, especially for us students who are still learning the ropes of tech and ethics.
Hacking Poe’s API can backfire on you in ways you might not expect. What if Quora finds out and decides to sue you or report you to your school or ISP? What if the tools you use to hack Poe’s API have malware that steals your personal data or ruins your devices? What if you accidentally break something in Poe’s API and cause problems for other users or the AI models? These are all risks that you’re taking by messing with Poe’s API without permission.
Lastly, as students, it’s not worth risking your reputation, your education, or your future just for a few free chats with some AI bots :)
Conclusion
In this blog post, I’ve shown you how some folks are hacking Poe’s API to get free access to its features. I’ve also told you why it’s a bad idea and what could happen if you try it yourself. I’m not trying to teach you how to do it, just explaining the theory behind it.
I hope this post has helped you understand how Poe, APIs, and some of these tools work.
Thanks for reading, and remember, don’t do anything stupid lol.