You Think Cookies Are Bad? Check this out!

[Super Dave 26]

Twitter has implemented a new system to track users of their web-interface using a combination of javascript, DOM objects, and browser-based localStorage to store user session tokens. Your help exploring this will speed up finding a better solution, but so far it looks like uBot is somewhat powerless against this (kinda, read below).

 

If you want to see this in action, head over to twitter and after logging in do whatever you normally do to clear cookies[link]. You can browse away form twitter, or remain on the page.. as long as ubot is open the twitter session will stick with you.

 

Here's where things get tricky. I'm currently sifting through the 20k+ lines of javascript libraries twitter loads up to make the site functional. Somewhere in these libraries is the answer to killing the session cookie using their own functions. Until I can track down those functions(More eyes on this would be awesome!) I've come up with a somewhat 'clunky' method to achieve anonymity with Twitter.

 

Most of my bots for twitter are designed to login and stay on the same session. The ones I use to confirm accounts are the exception and needed a way to clear this session data. As I mentioned above it sticks with ubot as long as the window is open..

 

Here's how I'm doing things now..

 

The first thing I did was to modify my existing bot to make it's actions a one-time-only bot. Meaning, I clicked the play button and it masked it's useragent, cleared cookies(the ones we can at least), pulled a job from the manager, uses that data to login in confirm logout, then reports back to the manager with a status (confirmed/suspended/retry/review) before stopping. I compiled the bot as "TW-dbConfirm-Single"

 

Then, in the same directory I created a DOS batch file to auto run the single instance of the bot, delay, then loop:

 

:START
@CLS
@ECHO Launching TW-dbConfim...
@TW-dbConfirm-Single.exe /auto
@SET timeCt=30
:TIMER
@IF (%timeCt%)==(0) GOTO START
@CLS
@ECHO Launching TW-dbConfim in %timeCt% seconds...
@PING 1.1.1.1 -n 1 -w 1000 >NUL
@SET /a timeCt=timeCt-1
@GOTO TIMER

 

My ubot single-instance will run, do it's thing, and then close. When the program completes the batch file then moves on to the timer loop until %timeCt% reaches 0 and then jumps back up to START.

 

So there you have it.. Hopefully this helps you guys who work w/Twitter and we can help each other get past this ;]

[UBotBuddy 331]

It's amazing what some companies will do just to block our great software! Go figure.

 

nice work Super Dave! I am bit a javascript guy so my propeller does not spin in that direction.

[meter 145]

Cool stuff Dave, didn't know twitter was this efficient, thanks

[James J 3]

Will running the shell command to clear tracks by process help with this at all?

 

In your shell node command run this file...

 

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

 

James

[meter 145]

Naw James, I suspect that twitter is using Javascript sorcery to somehow keep a global object in the browser memory remembering who you are. Restarting the browser restarts the javascript engine, hence it logs you out. That's my theory at least.

[LoWrIdErTJ - BotGuru 904]

Navigate with post data

 

 

<form id="signout-form" class="signout-form" action="/logout" method="POST">

<a class="signout-button" href="#">Sign out</a>

 

<input type='hidden' value='' name='authenticity_token' class='authenticity_token' />

</form>

 

 

navigate to the twitter.com/logout with post data authenticity_token is null

should do the trick to clear session.

 

then wipe cookie data from pc.