Tuesday, December 3, 2013

[Python] Twitter hacking


The title is somewhat attractive, but I'm not going to (maybe can't) talk about hacking the Twitter server.

As you know, Twitter is a well-known social network, and lots of people use it openly and share their own or others' information through it.

But some people use their accounts privately, which means they use Twitter to communicate with their friends.

These people tend to make mistakes such as tweeting their personal information on Twitter.




So, I want to show you how easily people can be hacked through Twitter.

I ran this experiment a few months ago and I could get 1560 different phone numbers in one week...


DO NOT USE THIS FOR REAL HACKING!

Just be careful when you use SNS or the internet.


    # -*- coding:utf-8 -*-
    import re
    import time

    import MySQLdb
    from twitter import Twitter, OAuth

    DB_NAME = 'twitter'
    DB_TABLE = 'phone'
    # tid bigint(20), name varchar(20), text text, number bigint(20)
    DB_ID = 'carpedm20'
    DB_PASS = ' '

    db = MySQLdb.connect(host="", user=DB_ID, db=DB_NAME, passwd=DB_PASS, port=3306)
    cur = db.cursor()

    OAUTH_TOKEN = ''
    OAUTH_SECRET = ''
    CONSUMER_KEY = ''
    CONSUMER_SECRET = ''

    t = Twitter(auth=OAuth(OAUTH_TOKEN, OAUTH_SECRET, CONSUMER_KEY, CONSUMER_SECRET))

    # The pattern is a placeholder, as in the original post
    findNum = re.compile(r'regular expression for phone number')

    while 1:
        print("= start at " + time.ctime() + " =")
        output = t.search.tweets(q="010", lang='ko', count='100')
        print(output['search_metadata']['count'])
        for s in output['statuses']:
            tid = s['id']
            name = s['user']['name'].encode('utf-8')
            text = s['text'].replace("'", "").encode('utf-8')
            number = findNum.findall(s['text'])
            upload_time = s['created_at'].encode('utf-8')
            # findall() returns an empty list when nothing matches
            if not number:
                continue
            # Skip tweets already stored; values are bound as parameters
            # instead of being concatenated into the SQL string
            query = "SELECT * FROM " + DB_TABLE + " WHERE tid=%s"
            cur.execute(query, (tid,))
            if cur.fetchone() is not None:
                continue
            for n in number:
                query = "INSERT INTO " + DB_TABLE + " (`tid`,`name`,`text`,`number`,`time`) VALUES (%s,%s,%s,%s,%s)"
                print(query)
                try:
                    cur.execute(query, (tid, name, text, str(n), upload_time))
                    db.commit()
                except MySQLdb.Error:
                    print("ERROR : " + query)
        # Wait 30 seconds between searches
        time.sleep(30)
