Super Dave 26 Posted April 22, 2011 Report Share Posted April 22, 2011 Twitter has implemented a new system to track users of their web-interface using a combination of javascript, DOM objects, and browser-based localStorage to store user session tokens. Your help exploring this will speed up finding a better solution, but so far it looks like uBot is somewhat powerless against this (kinda, read below). If you want to see this in action, head over to twitter and after logging in do whatever you normally do to clear cookies[link]. You can browse away form twitter, or remain on the page.. as long as ubot is open the twitter session will stick with you. Here's where things get tricky. I'm currently sifting through the 20k+ lines of javascript libraries twitter loads up to make the site functional. Somewhere in these libraries is the answer to killing the session cookie using their own functions. Until I can track down those functions(More eyes on this would be awesome!) I've come up with a somewhat 'clunky' method to achieve anonymity with Twitter. Most of my bots for twitter are designed to login and stay on the same session. The ones I use to confirm accounts are the exception and needed a way to clear this session data. As I mentioned above it sticks with ubot as long as the window is open.. Here's how I'm doing things now.. The first thing I did was to modify my existing bot to make it's actions a one-time-only bot. Meaning, I clicked the play button and it masked it's useragent, cleared cookies(the ones we can at least), pulled a job from the manager, uses that data to login in confirm logout, then reports back to the manager with a status (confirmed/suspended/retry/review) before stopping. I compiled the bot as "TW-dbConfirm-Single" Then, in the same directory I created a DOS batch file to auto run the single instance of the bot, delay, then loop: :START @CLS @ECHO Launching TW-dbConfim... @TW-dbConfirm-Single.exe /auto @SET timeCt=30 :TIMER @IF (%timeCt%)==(0) GOTO START @CLS @ECHO Launching TW-dbConfim in %timeCt% seconds... @PING 1.1.1.1 -n 1 -w 1000 >NUL @SET /a timeCt=timeCt-1 @GOTO TIMER My ubot single-instance will run, do it's thing, and then close. When the program completes the batch file then moves on to the timer loop until %timeCt% reaches 0 and then jumps back up to START. So there you have it.. Hopefully this helps you guys who work w/Twitter and we can help each other get past this ;] Quote Link to post Share on other sites
UBotBuddy 331 Posted April 22, 2011 Report Share Posted April 22, 2011 It's amazing what some companies will do just to block our great software! Go figure. nice work Super Dave! I am bit a javascript guy so my propeller does not spin in that direction. Quote Link to post Share on other sites
meter 145 Posted April 22, 2011 Report Share Posted April 22, 2011 Cool stuff Dave, didn't know twitter was this efficient, thanks Quote Link to post Share on other sites
James J 3 Posted April 24, 2011 Report Share Posted April 24, 2011 Will running the shell command to clear tracks by process help with this at all? In your shell node command run this file... RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 James Quote Link to post Share on other sites
meter 145 Posted April 24, 2011 Report Share Posted April 24, 2011 Naw James, I suspect that twitter is using Javascript sorcery to somehow keep a global object in the browser memory remembering who you are. Restarting the browser restarts the javascript engine, hence it logs you out. That's my theory at least. Quote Link to post Share on other sites
LoWrIdErTJ - BotGuru 904 Posted May 14, 2011 Report Share Posted May 14, 2011 Navigate with post data <form id="signout-form" class="signout-form" action="/logout" method="POST"> <a class="signout-button" href="#">Sign out</a> <input type='hidden' value='' name='authenticity_token' class='authenticity_token' /> </form> navigate to the twitter.com/logout with post data authenticity_token is nullshould do the trick to clear session. then wipe cookie data from pc. 2 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.