Sunday, May 20, 2007

Myspace Redirection information

As you probably know (or if you don't, you had better Google it), Myspace, Facebook, Virb and many other social sites have become leaders in the Web 2.0 revolution. Web 2.0 is a term used for any site that allows the reader to input information, instead of just reading. An example would be the comment box below this blog.

Anyway, the problem with these "social club" sites is that they contain pictures, posts, and Personal Messages (PMs) from one user to another. If someone steals your password and login, they can access all your stuff. The How To below shows you an example of a fake Myspace site that could be used to capture your email, password, and IP address. Hopefully this will give you a better understanding of what to look out for when signing in.

THE HOW TO:
Really it is simple to make, but if you're lazy like me and just want to see it working, scroll down --- I have a demo below :-).

  1. First you create an account that can use PHP on a website such as 110mb.com
  2. Next you select a domain name such as myspace.110mb.com
  3. Then you go to Myspace's website and look at one of their pages that requires you to log in; the following worked for me: (http://login.myspace.com/index.cfm?fuseaction=login.process&Mytoken=B0353D2A-7D79-427D-8F37FD877955882728990127)
  4. The page should say "You Must Be Logged-In to do That!"
  5. Right-click on the page and select View Source, then copy the contents into a text file (most of the time Notepad works best). You want the source and not a downloaded/Save As copy because the pictures and java links should link back to Myspace, not your server (e.g. instead of linking to http://110mb.com/pictures/image.jpg it will be http://myspace.com/pictures/image.jpg).
  6. Add the following to the bottom of the file (see comments for more info about what is what):
    http://aelshupit.googlepages.com/myspace_code.txt
    (just copy the code from the file to the bottom of the one with the source code)
  7. Next, search for: "tr valign="top" bgcolor="FFFFFF">" (should be below a table, about line 290)
  8. And add: http://aelshupit.googlepages.com/myspace_code2.txt
  9. Save the file with a .php extension (e.g. myspace.php). Note you need to select "All Files", otherwise it will throw a .txt extension on the end even though it is named .php.
  10. Also create a txt file with the name "myspace_boom.txt"
  11. Upload both "myspace.php" and "myspace_boom.txt" to the 110mb.com site or the PHP site you are using via FTP. I use FileZilla but you can use whatever you like so long as you can set permissions. The permissions of "myspace_boom.txt" HAVE to be 775, otherwise it can't be written to.
  12. ..... OK, YOU'RE DONE. Go to the site you have and open the myspace.php file. Type in the password and email, then wait for the link to redirect to the content. Now open myspace_boom.txt in your browser or FTP app. It should have the email, password, and IP address for you.


It should look something like this: CLICK ME For THE DEMO!

Click here for Username, Password and IP address

(note how I hide the link)

END NOTES.
The only way you can tell that you are on a legit page for login is by looking in the address bar; everything else can look official, but that is the hardest thing to spoof (meaning fake). Myspace tells you to do this every time you log in, but you probably ignore it or don't check. It is important you do this to ensure you don't get your stuff stolen --- provided you care ;-). This type of password redirection does not stop with Myspace; the basic concept can be used for PayPal, email login sites, websites, and other phishing scams.
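
The address-bar check described above, written out as an added example (this is not code from the original post): it compares the host of a login URL against the domain the page claims to be. The function name checkLoginUrl, the TRUSTED_DOMAINS list and every sample URL other than the two hosts named in this post are assumptions made for illustration.

```javascript
// Added example: does a login URL's host really belong to the site it imitates?
// TRUSTED_DOMAINS and the sample URLs in the demo are constructed for illustration.
const TRUSTED_DOMAINS = ["myspace.com"];

function checkLoginUrl(raw, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "not a web URL" };
  }
  // Text before '@' is userinfo, not the host, even if it looks like a domain.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL" };
  }
  // The parser lowercases the host and punycodes IDNs; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label", host };
  }
  // Match the whole host or a dot-separated suffix, never a bare substring.
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, reason: "host not under a trusted domain", host };
  }
  return { ok: true, reason: "host is " + match + " or a subdomain of it", host };
}

// Demo over constructed samples: only the first one is a genuine myspace.com host.
const samples = [
  "http://login.myspace.com/index.cfm?fuseaction=login.process",
  "http://myspace.110mb.com/myspace.php", // brand name as a subdomain of another site
  "http://myspace.com.example.net/login", // brand domain used as a prefix
  "http://myspace.com@example.net/",      // brand domain placed in userinfo
  "http://notmyspace.com/",               // substring match without a dot boundary
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK    " : "REJECT") + " " + s + " (" + r.reason + ")");
}
```

The comparison works right to left from the end of the host name, which is also how the address bar should be read: what counts is the domain immediately before the first single slash, not whether "myspace" appears somewhere in the URL.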