The web version of Telegram is written in AngularJS and supports most of the features available in the mobile and desktop versions. This provides a useful platform to inject JavaScript and hijack the AngularJS app to interact with the API, without the need to maintain the code to handle the MTProto authentication.
Following on from the previous post here, injecting into the AngularJS app will allow us to interact with the Telegram API and also allow us to access data associated with page objects, usually inaccessible to a user.
The scripts page contains links to GreaseMonkey scripts for various useful Telegram scripts.
Examples
Getting the current dialog ID:
angular.element(document.body).injector().get('$rootScope').selectedPeerID;
Invoking the API to get members of a Telegram group:
var mtpApiManager = angular.element(document).injector().get('MtpApiManager');
mtpApiManager.invokeApi('channels.getParticipants', {
channel: appChatsManager.getChannelInput(groupID),
filter: {
_: 'channelParticipantsRecent'
},
limit: 200,
offset: 0
}).then(function (data) {
console.log(data);
return;
});
More examples will be given over the next few weeks
Fabled Owl 
One thought on “Hijacking the Telegram API”