myspace profile tracker.

We may earn a small commission from affiliate links and paid advertisements. Terms

Got a new one going, works for IE and firefocks(IE's popup blocker will stop this):
It uses flash to open a window still ... then it closes that window before they see what's going on
Blogs are still usable.

You get a message in your inbox that says:
(Visitor)
Just Looking.

I will release it if anyone even cares anymore.
PM only.
 
VTECin5th @ May 8 2006 said:
Quoted post[/post]]
Got a new one going, works for IE and firefocks:
It uses flash to open a window still ... then it closes that window before they see what's going on
Blogs are still usable.

You get a message in your inbox that says:
(Visitor)
Just Looking.

I will release it if anyone even cares anymore.
Click to expand...


sure release it, or better yet, pm it to me
 
why cant you get rid of the popup function, is that the only way the execution can be completed?
 
vtecsir1 @ May 8 2006 said:
Quoted post[/post]]
why cant you get rid of the popup function, is that the only way the execution can be completed?
Click to expand...
So far, yes....
Unless i can find or manipulate my way into an XSS [cross site scripting] hole existing in the main profile page...
There's about 1.5 hours in coding just to get the rest of the request hidden.

It's all silent sockets other than the first popup, and then it reparses the original blogs page, removes the second swf file and writes it back to the screen...
There used to be tons of holes all over, now i only know of 3, all of which are way away from the main profile page...and one isn't authentic, as i have to make a POST request just for it to exist.
The silent sockets used are AJAX objects, AJAX sockets can not go across a domain. IE:
the xss hole is in blog.mySpace.com so i have to make sure every request is made to blog.mySpace.com...
I basically got lucky with the fact that blog.mySpace.com carries the mail.sendmessage function...
If i could find another hole in the mail section, i could also automatically delete the message they send, so it would be more un-detectable.
The blog.mySpace.com does not carry the mail.trashmail functions so that part was a no-go.

There's several elements to consider in this.
Finding an XSS hole
Setting up a dynamic way to use that hole.
Making requests from the parent url silenty.
Keeping it somewhat unrecognized.
Splitting and reparsing data.
Using flash to make the inital XSS hole appear on their screen (hence the pop to blog.myspace.com/myidy0)
It used to be soo much easier before Tom lol@my penix. :p
 
i like how it works, but if a popup blocker stops it then it doesn't work. i have a pop up blocker on my computer, but the one that comes up from hondaswap.com still breaks through the blocker. maybe you could use that type of pop up that can't be blocked. make it look like an ad for myspace or something.
 
get_nick @ May 8 2006 said:
Quoted post[/post]]
i like how it works, but if a popup blocker stops it then it doesn't work. i have a pop up blocker on my computer, but the one that comes up from hondaswap.com still breaks through the blocker. maybe you could use that type of pop up that can't be blocked. make it look like an ad for myspace or something.
Click to expand...
That would be awesome.. here's the case in point.
The ad from Hondaswap runs from javascript.
The ad from mySpace runs from flash.
There's ways to fool javascript into opening a window...
The only way to fool flash to open a window is to make it call javascript.
If i had javascript access on mySpace, i wouldn't need the popup in the first place.. :laugh:

I'm not a professional flash programmer, so there might be ways around it?
 
N/M
Fixed...
Updates:
I will be attempting to implent this as a nonpopup required thing.
No changes will need to be made on your end...just relax if it stops working for a minute or something.
 
VTECin5th @ May 9 2006 said:
Quoted post[/post]]
N/M
Fixed...
Updates:
I will be attempting to implent this as a nonpopup required thing.
No changes will need to be made on your end...just relax if it stops working for a minute or something.
Click to expand...

cool. cause i had a few complaints about all the pop ups. you are doing good work though. :worthy:
 
Thanks nick.

POP UP REMOVED.
[if you're still seeing it, it's in your cache]
^^^^^^^^^^^^^^^

Now it will just act funny for a second on their screen and then it will work right...
There's a 30 second flash cookie so it doesn't keep forwarding them over and over... i can raise that cookie or even make it optional if you guys want it to last longer or control how many seconds the cookie should last.

So far i've test Ie and it seems to work, im about to test ie7 and FF, will update right here.

FF: Approved-almost completely unseeable.
IE6: Approved-more noticable but they're still kinda confused before anything happens.
IE7: Approved-Most notiacable of all, will try to speed script up a little bit...

(sped script up 8/10ths of a second)
Works flawless on all 3 browsers, with or without popup blockers on.

Is 30 seconds long enough for the cookie?
 
i don't know what happened. but the last thing on there, when i would try to look at my blog, it would close the whole window. so now if the popups are gone, i might retry it. i'll give it another shot. hopefully there aren't any pop ups. thanks, again.
 
get_nick @ May 9 2006 said:
Quoted post[/post]]
i don't know what happened. but the last thing on there, when i would try to look at my blog, it would close the whole window. so now if the popups are gone, i might retry it. i'll give it another shot. hopefully there aren't any pop ups. thanks, again.
Click to expand...
Yea, it depends on how you go about getting to your blog :wink:
Now, with the flash cookie"" you should be able to view it anyways.. before i had the script auto close the window, no more of that.
Clear your cache...
If you're using it and think:
"WTF, the screen did something weird the first time, now it doesnt?"

That's because of the flash.. you have to wait 30 seconds before it will try again... this prevents XXX from viewing your profile 10 times and refreshing a bunch to keep sending you mail.
 
jeffie7 @ May 10 2006 said:
Quoted post[/post]]
NERDS
Click to expand...
:withstupid:

If it wasn't illegal, i'd sell this for $1 per user, and secure it so they had to be paid for in order to use it.
Out of 76million people, i bet at least 1 million people would buy it....
Yep, i'm sittin on the million dollar idea that i can't use... and it doesn't even hurt anyone :mad:
 
hmm im only getting the code to work when i look at my own profile. but not when someone else looks at mine. any idea? did you change something? this just stated happening today
 
mine still works. it's just with people who have the certain pop up protection it doesn't work with them.
 
You must log in or register to reply here.

Similar threads

G
93 hatch iab question
Replies
1
Views
594
Briansol
Briansol
pigeonsil40
does a 02-03 automatic rsx engine harness work automatic kpro ecu on a 99 honda cvic ek?
Replies
2
Views
706
phunky.buddha
phunky.buddha
bagsofcole
H22 Mild Build - Piston Choice
Replies
1
Views
845
Briansol
Briansol
Shingo Shouji
b16a or b16b for civic 95 dx hatch swap
Replies
2
Views
1K
Briansol
Briansol
N
Help with a 95 lx accord with H22A swap
Replies
2
Views
2K
nickwoo1
N
Back
Top