Skip to content

Instantly share code, notes, and snippets.

@jazzychad

jazzychad/gist:3281354

Created August 7, 2012 03:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jazzychad/3281354 to your computer and use it in GitHub Desktop.
Save jazzychad/3281354 to your computer and use it in GitHub Desktop.
Download ZIP
App.net/Twitter crosspost hack
Raw
gistfile1.md

Many are wondering how I am crossposting from Twitter to app.net. It is a dirty hack. Or more correctly, a dirty crack.

I found a session cookie security hole on app.net, and I am exploiting it to post to my app.net timeline from outside the website. This is also how I ran datebot.

Out of respect for dalton and crew, I am not making this exploit public (they say it will be plugged soon anyway).

If you are ambitious, you can find it as well. It took about 10 minutes for me to find.

Here's a hint, start by inspecting the Networking calls in a webkit inspector when you make a post.

-jazzychad

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment