EvilZone

Programming and Scripting => Web Oriented Coding => Topic started by: Galtor on May 31, 2015, 03:16:44 PM

Title: Twitter username and paswords variables handling
Post by: Galtor on May 31, 2015, 03:16:44 PM

Hi all,

I'm trying to get a pof of a Twitter phishing, but I'm getting problems with the PHP file that writes victim's inputs into another file. The PHP code I started programming was this:

$fp = fopen("TwitterPasswords.htm", "a");
fwrite($fp, "Email:$_POST[username_or_email]\tPassword:$_POST[password]");
echo "<HTML>

and according to Twitter source page, variables are name="session[username_or_email]"  and name="session[password]". I'm quite newbie, how can I handle those variables, please?

Thanks a lot,

Title: Re: Twitter username and paswords variables handling
Post by: iTpHo3NiX on May 31, 2015, 04:33:02 PM

Those are long, I don't think you can handle it

Title: Re: Twitter username and paswords variables handling
Post by: Galtor on May 31, 2015, 06:46:04 PM

if so, is there any way to catch those variables? I think that there are those phishing web pages based on old versions of Twitter.

Thanks

Title: Re: Twitter username and paswords variables handling
Post by: iTpHo3NiX on May 31, 2015, 11:04:10 PM

Use SET, spear-phishing. Make sure you chmod you text file to store the accounts. But anyways that went WAY over your head

Title: Re: Twitter username and paswords variables handling
Post by: ande on May 31, 2015, 11:24:11 PM

Are that code supposed to work? $_POST[username_or_email] and $_POST[password] are not valid syntax. I think you will have to do $_POST['username_or_email'] and $_POST['password'] in this case.

PS: I think you should post a bit more information about the environment you are working on. Twitter source page? session? What does your POST form look like? Where does it come from and how is it sent? And so on.