twitter-phishing (looks like they fixed it)

Testing whether phishing works on Twitter (experiment)

Demo: https://x.com/_RobinRoy/status/1731364248771527133?s=20

This redirects to https://chat.openai.com/ and not to https://x.ai as the thumbnail suggests.

More issues

The issue is far-reaching: this can effectively bypass "any" link filter Twitter puts in place.

  • We can effectively bypass the Twitter/X safety link filter using this.
  • Twitterbot has no way of knowing what link it is actually pointing to, so scamming people or bypassing the Twitter/X link filter is very easy.

Why

Twitterbot goes to the posted link and looks at the Location response header to get its "real" URL (in case of redirects). That's why the posted URL doesn't have to be the same as the URL of the OG image.

This makes it very easy to trick people.
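As an added example (not part of this repository's code), the check below shows how a link-preview service or a defensive link scanner could catch the mismatch described above: it follows the Location header chain twice, once with a crawler user agent and once with a browser user agent, then compares the final destination host against itself and against the og:url the crawler was shown. All responses come from a constructed in-memory table (`FAKE_RESPONSES`, `fake_fetch`); the hostnames and user-agent strings are hypothetical, and a real deployment would swap `fake_fetch` for an HTTP client that does not auto-follow redirects.

```python
"""Constructed example: flag link previews whose crawler-visible destination
differs from the destination a real user ends up on."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CRAWLER_UA = "Twitterbot/1.0"   # hypothetical crawler UA string
BROWSER_UA = "Mozilla/5.0"      # hypothetical browser UA string

# Constructed responses, keyed by (url, is_crawler) -> (status, headers, body).
# The first link serves OG tags to the crawler but redirects real users elsewhere;
# the second link behaves the same for everyone.
FAKE_RESPONSES = {
    ("https://short.example/go", True): (200, {}, (
        '<html><head>'
        '<meta property="og:url" content="https://legit.example/">'
        '<meta property="og:image" content="https://legit.example/card.png">'
        '</head></html>')),
    ("https://short.example/go", False): (302, {"Location": "https://other.example/landing"}, ""),
    ("https://other.example/landing", True): (200, {}, "<html>landing</html>"),
    ("https://other.example/landing", False): (200, {}, "<html>landing</html>"),
    ("https://honest.example/post", True): (301, {"Location": "/final"}, ""),
    ("https://honest.example/post", False): (301, {"Location": "/final"}, ""),
    ("https://honest.example/final", True): (200, {},
        '<meta property="og:url" content="https://honest.example/final">'),
    ("https://honest.example/final", False): (200, {}, "<html>ok</html>"),
}


def fake_fetch(url, user_agent):
    """Stand-in for a single HTTP GET that does NOT follow redirects itself."""
    is_crawler = user_agent.startswith("Twitterbot")
    return FAKE_RESPONSES.get((url, is_crawler), (404, {}, ""))


class OGParser(HTMLParser):
    """Collect og:* meta tags from an HTML document."""
    def __init__(self):
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        prop = a.get("property") or ""
        if prop.startswith("og:") and a.get("content") is not None:
            self.og[prop] = a["content"]


def follow_redirects(fetch, url, user_agent, max_hops=10):
    """Follow Location headers the way a crawler does. Returns (final_url, chain, body)."""
    chain = [url]
    for _ in range(max_hops):
        status, headers, body = fetch(url, user_agent)
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])  # relative Location is allowed
            chain.append(url)
            continue
        return url, chain, body
    raise ValueError("too many redirects")


def host(url):
    return (urlparse(url).hostname or "").lower()


def check_preview(fetch, url):
    """Return a list of findings; an empty list means the preview is consistent."""
    findings = []
    bot_final, _, bot_body = follow_redirects(fetch, url, CRAWLER_UA)
    user_final, _, _ = follow_redirects(fetch, url, BROWSER_UA)

    parser = OGParser()
    parser.feed(bot_body)
    og_url = parser.og.get("og:url")

    # 1. Cloaking: crawler and browser land on different hosts.
    if host(bot_final) != host(user_final):
        findings.append(
            f"destination differs by user agent: crawler->{host(bot_final)} "
            f"browser->{host(user_final)}")
    # 2. Card mismatch: the og:url the crawler was shown is not where users land.
    if og_url and host(og_url) != host(user_final):
        findings.append(f"og:url host {host(og_url)} != landing host {host(user_final)}")
    return findings


if __name__ == "__main__":
    for link in ("https://short.example/go", "https://honest.example/post"):
        print(link, "->", check_preview(fake_fetch, link) or "consistent")
```

Hostname comparison is deliberate: a preview service should not expect an exact URL match (tracking parameters, trailing slashes), but a change of registrable domain between what the crawler saw and where a user lands is the signal worth flagging.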

The code is inspired by eykrehbein/fake-og and this tweet and this