|
'cause everyone should have a blog
|
|
|
Using this idea, I put together a shell script that could post to the standard Paypal phishing site. After a little research I was able to write a perl script that could generate credit card numbers with the appropriate check-digit to pass the MOD10 test. Soon I had wget posting a new bogus number (and accompanying bogus email address, pin number, etc) every 10 minutes.
After sharing my script and swapping site URLs with another user in #utah (on Freenode) we discussed the idea of building a system to allow others to easilly share and stuff garbage data into phishing sites.
The idea is to design some sort of XML spec that could describe a phishing site. It would list the fields to be filled in, what type data goes in them, etc. Using a web interface, people could report the phishing sites they come across. Once reported, duplicates are thrown out, sites are checked to ensure that the system isn't being abused, and an XML description is generated. Remote clients for various platforms would be available to download the XML descriptions and periodically post data to the phishing sites. The more machines posting good-looking data at random intervals, the harder it will be to sort out the good and bad data.
At some point between job hunting and work I really need to work on this. I'm surprised I havn't found a group of people already doing this.
|
AboutJason Hill is a busy guy. When he's not supporting computers for the Fairfax County Police Department or working with Nexus he spends his time building an N-Scale model Railroad and writing programs. |
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding QBFreak.net? Send feedback
Powered by TWiki/Dakar
Wed, 08 Feb 2006 build 8740