Tiktok pull creator exploit made by iron web10
// ==UserScript==
// @name TikTok Poll Creator Exploit
// @namespace http://tampermonkey.net/
// @version 0.1
// @description Tiktok pull creator exploit made by iron web10
// @author iron web10
// @match https://www.tiktok.com/*
// @grant GM_xmlhttpRequest
// @grant GM_cookie
// @connect api16-normal-no1a.tiktokv.eu
// @license iron web10 2026
// ==/UserScript==
(function() {
'use strict';
function showNotification(message, type = 'success') {
const existing = document.getElementById('tm-poll-toast-container');
const container = existing || (() => {
const c = document.createElement('div');
c.id = 'tm-poll-toast-container';
c.style = `
position: fixed; top: 20px; right: 20px; z-index: 999999;
display: flex; flex-direction: column; gap: 10px;
font-family: TikTokFont, sans-serif;
`;
document.body.appendChild(c);
return c;
})();
const colors = {
success: { bg: '#0fae5c', icon: '✓' },
error: { bg: '#fe2c55', icon: '✕' }
};
const style = colors[type] || colors.success;
const toast = document.createElement('div');
toast.style = `
background: ${style.bg}; color: #fff; padding: 12px 16px;
border-radius: 8px; box-shadow: 0 4px 16px rgba(0,0,0,0.25);
display: flex; align-items: center; gap: 10px;
font-size: 14px; font-weight: 600; max-width: 320px;
opacity: 0; transform: translateX(20px);
transition: opacity 0.25s ease, transform 0.25s ease;
`;
toast.innerHTML = `
<span style="font-size:16px; line-height:1;">${style.icon}</span>
<span style="flex:1; font-weight:500;">${message}</span>
`;
container.appendChild(toast);
requestAnimationFrame(() => {
toast.style.opacity = '1';
toast.style.transform = 'translateX(0)';
});
const duration = type === 'error' ? 6000 : 4000;
setTimeout(() => {
toast.style.opacity = '0';
toast.style.transform = 'translateX(20px)';
setTimeout(() => toast.remove(), 250);
}, duration);
}
function getVideoId() {
const match = window.location.href.match(/\/video\/(\d+)/);
return match ? match[1] : null;
}
function getSessionCookie(callback) {
if (typeof GM_cookie === 'undefined' || !GM_cookie.list) {
console.error("[Tiktok Tool] GM_cookie is not available. Enable cookie access permission for this site in Tampermonkey settings, and make sure you're using Chrome/Edge.");
callback(null);
return;
}
function findInList(cookies) {
if (!cookies || cookies.length === 0) return null;
const sessionCookie = cookies.find(c => c.name === 'sessionid_ss' || c.name === 'sessionid');
return sessionCookie ? sessionCookie.value : null;
}
GM_cookie.list({ domain: '.tiktok.com' }, function(cookies, error) {
if (error) {
console.error("[Tiktok Tool] Error listing cookies (.tiktok.com domain):", error);
}
const value = findInList(cookies);
if (value) {
console.log("[Tiktok Tool] Cookie found successfully (.tiktok.com domain)");
callback(value);
return;
}
GM_cookie.list({}, function(cookies2, error2) {
if (error2) {
console.error("[Tiktok Tool] Error listing cookies (general fallback):", error2);
callback(null);
return;
}
const value2 = findInList(cookies2);
if (value2) {
console.log("[Tiktok Tool] Cookie found successfully (general fallback)");
callback(value2);
return;
}
console.error("[Tiktok Tool] 'sessionid' not found in .tiktok.com domain or general fallback.");
callback(null);
});
});
}
function sendPollRequest(data, sessionId) {
if (!sessionId) {
showNotification("Session ID not detected. Check Tampermonkey cookie permissions and that you're logged in.", 'error');
return;
}
const url = "https://api16-normal-no1a.tiktokv.eu/aweme/v1/comment/poll/create/?aid=1233";
const details = new URLSearchParams();
details.append('item_id', data.videoId);
details.append('title', data.title);
const optionsJSON = [
{ "index": 0, "text": data.option1 },
{ "index": 1, "text": data.option2 }
];
details.append('poll_option_list', JSON.stringify(optionsJSON));
details.append('expire_time', data.expireTime);
console.log(`[Tiktok Tool] Sending payload using Token: ${sessionId.substring(0, 6)}...`);
GM_xmlhttpRequest({
method: "POST",
url: url,
headers: {
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"Cookie": `sessionid=${sessionId}`,
"Accept-Encoding": "gzip"
},
data: details.toString(),
onload: function(response) {
console.log("TikTok API response:", response.responseText);
let parsed;
try {
parsed = JSON.parse(response.responseText);
} catch (e) {
showNotification("Unexpected server response. Check the console.", 'error');
return;
}
if (parsed.status_code === 0) {
showNotification(`Poll created successfully (ID: ${parsed.poll_id})`, 'success');
} else {
const knownMessages = {
2054: "You don't have permission on this video (it's not yours).",
};
const message = knownMessages[parsed.status_code]
|| parsed.status_msg
|| `Unknown error (code ${parsed.status_code})`;
showNotification(message, 'error');
}
},
onerror: function(error) {
console.error("Critical request error:", error);
showNotification("Network error while sending the request. Check the console.", 'error');
}
});
}
function showConfigDialog(videoId) {
if (document.getElementById('tm-poll-modal')) return;
const modal = document.createElement('div');
modal.id = 'tm-poll-modal';
modal.style = `
position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%);
background: #ffffff; padding: 24px; border-radius: 12px; z-index: 100000;
box-shadow: 0 8px 30px rgba(0,0,0,0.3); font-family: TikTokFont, sans-serif;
width: 320px; color: #161823;
`;
modal.innerHTML = `
<h3 style="margin-top:0; margin-bottom:15px; font-size:18px;">Configure Poll</h3>
<p style="font-size:12px; color:#73747b; margin-bottom:12px;">Video ID: <b>${videoId}</b></p>
<label style="font-size:13px; font-weight:600;">Poll Title:</label>
<input type="text" id="poll-title" value="Join dsc.gg/iron-web10" style="width:100%; margin: 6px 0 12px 0; padding:8px; border:1px solid #d1d1d6; border-radius:4px; box-sizing:border-box;">
<label style="font-size:13px; font-weight:600;">Option 1:</label>
<input type="text" id="poll-op1" value="Join dsc.gg/iron-web10" style="width:100%; margin: 6px 0 12px 0; padding:8px; border:1px solid #d1d1d6; border-radius:4px; box-sizing:border-box;">
<label style="font-size:13px; font-weight:600;">Option 2:</label>
<input type="text" id="poll-op2" value="Join dsc.gg/iron-web10" style="width:100%; margin: 6px 0 12px 0; padding:8px; border:1px solid #d1d1d6; border-radius:4px; box-sizing:border-box;">
<label style="font-size:13px; font-weight:600;">Expiration time (seconds):</label>
<input type="number" id="poll-expire" value="604800" style="width:100%; margin: 6px 0 16px 0; padding:8px; border:1px solid #d1d1d6; border-radius:4px; box-sizing:border-box;">
<div style="display:flex; justify-content: flex-end; gap: 8px;">
<button id="poll-cancel" style="background:#f1f1f2; color:#161823; border:none; padding:8px 14px; border-radius:4px; cursor:pointer; font-weight:600;">Cancel</button>
<button id="poll-submit" style="background:#fe2c55; color:#fff; border:none; padding:8px 14px; border-radius:4px; cursor:pointer; font-weight:600;">Create</button>
</div>
`;
const overlay = document.createElement('div');
overlay.id = 'tm-poll-overlay';
overlay.style = 'position:fixed; top:0; left:0; width:100%; height:100%; background:rgba(0,0,0,0.5); z-index:99999;';
document.body.appendChild(overlay);
document.body.appendChild(modal);
document.getElementById('poll-cancel').addEventListener('click', () => {
modal.remove();
overlay.remove();
});
document.getElementById('poll-submit').addEventListener('click', () => {
const data = {
videoId: videoId,
title: document.getElementById('poll-title').value,
option1: document.getElementById('poll-op1').value,
option2: document.getElementById('poll-op2').value,
expireTime: document.getElementById('poll-expire').value
};
modal.remove();
overlay.remove();
getSessionCookie(function(token) {
sendPollRequest(data, token);
});
});
}
function injectPollButton() {
const emojiBtn = document.querySelector('[data-e2e="comment-emoji-icon"]');
if (!emojiBtn) return;
const emojiContainer = emojiBtn.closest('.TUXTooltip-reference');
if (!emojiContainer) return;
if (document.getElementById('tm-poll-button-container')) return;
const pollBtnWrapper = document.createElement('div');
pollBtnWrapper.className = 'TUXTooltip-reference';
pollBtnWrapper.id = 'tm-poll-button-container';
const pollBtn = document.createElement('button');
pollBtn.className = 'TUXButton TUXButton--default TUXButton--medium TUXButton--secondary css-kkqp2-7937d88b--StyledEmojiButton e1apxw0s0';
pollBtn.type = 'button';
pollBtn.setAttribute('aria-label', 'Click to configure and add a poll');
pollBtn.setAttribute('title', 'Click to add a poll');
pollBtn.tabIndex = 0;
pollBtn.innerHTML = `
<div class="TUXButton-content">
<div class="TUXButton-iconContainer">
<svg fill="currentColor" color="inherit" font-size="inherit" viewBox="0 0 48 48" xmlns="http://www.w3.org/2000/svg" width="1em" height="1em">
<path d="M38 42H10a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h28a2 2 0 0 1 2 2v32a2 2 0 0 1-2 2ZM14 36h4V22h-4v14Zm8 0h4V14h-4v22Zm8 0h4V28h-4v8Z"/>
</svg>
</div>
</div>
`;
pollBtn.addEventListener('click', (e) => {
e.preventDefault();
const currentId = getVideoId();
if (currentId) {
showConfigDialog(currentId);
} else {
showNotification("Please open a valid video.", 'error');
}
});
pollBtnWrapper.appendChild(pollBtn);
emojiContainer.after(pollBtnWrapper);
}
const observer = new MutationObserver(() => {
injectPollButton();
});
observer.observe(document.body, {
childList: true,
subtree: true
});
})();