Chess.com unlimited analysis (server side) for free tier!
ZugToken
A vulnerability exists in the legacy game-analysis WebSocket endpoint that allows a user to perform unlimited server-side Stockfish analysis Game Review (CAPS calculation) on arbitrary PGNs, bypassing standard quotas.
The backend fails to validate that the authorization token generated for a specific game matches the PGN and Game UUID submitted in the WebSocket payload. By obtaining an authorization token for a single, valid game, an attacker can reuse that token to analyze any other game on the platform.
Usage
- Analyze any game normally and copy its Game ID.
- Replace
ANALYZED_GAMEwith that Game ID. - Add your Chess.com cookies to
COOKIES. - Install the required dependencies.
- Run the script:
python .\main.py "12345678"
Replace 12345678 with the target game ID you want to analyze.
After the script finishes:
- A JSON file containing the analysis data should appear in the same directory as the Python script.
- The analyzed game may display an accuracy score if the request succeeded.
Example
Example of analyzed games from a random Chess.com profile:
Disclaimer
This code is provided strictly for educational and archival purposes only.