Showing a Craigslist scammer who's boss using Python
Video Statistics and Information
Views: 4,823,058
Rating: 4.8996387 out of 5
Keywords: craigslist scam, python, messing with scammers, engineer man
Id: UtNYzv8gLbs
Length: 5min 26sec (326 seconds)
Published: Sun Jul 29 2018
SELECT * FROM passwords WHERE ip != "engineerman"
If the scammer has any sense they will be logging IPs and user agents and would easily be able to filter this noise out. You could get around this using tor exit nodes and randomised common user agents. Looking at the quality of the spoofed page they probably don't. The scammer should also be using a CSRF token to make this kind of attack more difficult.
Code review: that's unnecessary effort to convert the names to JSON and then parse the JSON instead of just reading lines from a flat text file. Also, pointless `''.join` on a single string for `name_extra`?
Part of me wonders if the weird POST URL and user/pass form field names is to help identify which target/email landed the user on the page.
It's possible the scammer would be able to easily discard all of these if they're scoped/tagged/associated with that single email.
Bonus points if they went the extra mile to create an entirely different website per email they sent out.
Back in the day, I got a Craigslist scammer big time by pulling a similar kind of prank, and let me tell you: getting the scammer's address and contact details was the easy part. The hard part was getting the python into the box.
Nice work!
FYI in case you weren't aware, `json` provides the `load` method which takes in a file object so you don't need to use `.read()`. You should also probably be closing the file handle (either explicitly or using a with block). I realise that this probably doesn't matter one tiny little bit for a script like this, but it would be good practice for anything serious!
I liked the video.
The POST URL looks randomized. If you really wanted to flood the attacker's inbox, do a first request to grab a new "post" URL, extract the form field keys, then send the results back in
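Putting the suggestions from this thread together (fetch the page first and read the form's action and field names from it, send a plausible common User-Agent, and, from the code-review comments, `json.load` on an open file object inside a with block), here is an added example script. It is not the code from the video. The page markup in `SAMPLE_HTML`, the field and token names, the User-Agent pool and the URLs are all constructed for the example. It also shows why the CSRF-token suggestion above buys less than it sounds: a hidden per-page token is simply carried back untouched, so it only stops blind POSTs, not a script that loads the page before submitting.

```python
"""Fetch a phishing login form, read its field names and hidden token from the
markup, then POST fake credentials with a random common User-Agent.

Added example, not the script from the video. SAMPLE_HTML, the field names,
the token name, USER_AGENTS and the URLs are constructed for this example.
"""
import json
import random
import string
import urllib.parse
import urllib.request
from html.parser import HTMLParser

# Assumed pool of common desktop User-Agent strings from around the video's date.
USER_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/68.0.3440.106 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) "
    "Version/11.1.2 Safari/605.1.15",
    "Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0",
]

# Constructed stand-in for the spoofed page: randomised field names plus a hidden token.
SAMPLE_HTML = """<html><body>
<form action="/post/9f2c1b" method="post">
  <input type="hidden" name="_tok" value="d41d8cd98f00b204">
  <input type="text" name="f_a8c3" placeholder="Email">
  <input type="password" name="f_7e21" placeholder="Password">
  <input type="submit" name="go" value="Sign in">
</form></body></html>"""


class FormParser(HTMLParser):
    """Collects the action, method and named <input> fields of the first <form>."""

    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, "get", {}
        self._in_form, self._done = False, False

    def handle_starttag(self, tag, attrs):
        if self._done:
            return
        a = dict(attrs)
        if tag == "form" and not self._in_form:
            self._in_form = True
            self.action = a.get("action")
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and self._in_form and a.get("name"):
            # name -> (type, prefilled value); a CSRF token rides in a hidden value
            self.fields[a["name"]] = ((a.get("type") or "text").lower(), a.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True


def extract_form(html):
    p = FormParser()
    p.feed(html)
    p.close()
    return {"action": p.action, "method": p.method, "fields": p.fields}


def build_payload(form, email, password):
    """Fill the parsed form: hidden and submit fields go back unchanged (so the token
    survives), the first text/email field gets the fake login, the password field the
    fake password. Field names come from the page, so randomised names do not matter."""
    payload, login_done = {}, False
    for name, (ftype, value) in form["fields"].items():
        if ftype in ("hidden", "submit"):
            payload[name] = value
        elif ftype == "password":
            payload[name] = password
        elif ftype in ("text", "email") and not login_done:
            payload[name], login_done = email, True
    return payload


def load_names(fileobj):
    """json.load reads from the open file object directly; no .read() needed.
    Callers open the file in a with block so the handle is closed afterwards."""
    return json.load(fileobj)


def random_credentials(names, seed=None):
    """Derive a plausible email and a random password from a list of [first, last]."""
    rng = random.Random(seed)
    first, last = rng.choice(names)
    email = f"{first.lower()}.{last.lower()}{rng.randint(1, 9999)}@yahoo.com"
    alphabet = string.ascii_letters + string.digits
    password = "".join(rng.choice(alphabet) for _ in range(rng.randint(8, 14)))
    return email, password


def post_fake_login(page_url, email, password, opener=urllib.request.urlopen):
    """One round trip: GET the page, parse its form, POST the filled form back.
    The same User-Agent is reused for both requests so they look like one browser."""
    ua = random.choice(USER_AGENTS)
    req = urllib.request.Request(page_url, headers={"User-Agent": ua})
    with opener(req) as resp:
        form = extract_form(resp.read().decode("utf-8", "replace"))
    target = urllib.parse.urljoin(page_url, form["action"] or page_url)
    body = urllib.parse.urlencode(build_payload(form, email, password)).encode()
    req = urllib.request.Request(target, data=body, method="POST",
                                 headers={"User-Agent": ua, "Referer": page_url})
    with opener(req) as resp:
        return resp.status


if __name__ == "__main__":
    names = [["Ann", "Lee"], ["Raj", "Patel"], ["Maria", "Silva"]]  # constructed sample
    email, password = random_credentials(names)
    print(build_payload(extract_form(SAMPLE_HTML), email, password))
```

The `opener` parameter exists so the round trip can be exercised offline with a fake response; `urllib.request.urlopen` is the default for real use. Routing the opener through Tor exit nodes, as the earlier comment suggests, is a matter of installing a SOCKS-aware opener in place of that default; nothing in the parsing or payload code changes.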
If you really wanted to make this scammer suffer:
rm *yahoo.com