09 Feb
Posted by Harper as General at 10:54 PM
Tags: 2.0, 37signals, awesome, bot, campfire, chat, hacking, harper, irc, web
So i was playing around with campfire and i noticed that i could easily write a bot for it. so i did. it sucks. but it shows what you could do. how i love WWW::Mechanize. and perl. check it out:
http://nata2.info/?path=code%2Fcampfire_bot_hack
Oh yea. campfire is sweet. the 37signals guys did a great job. although i am a bit worried about how you can spoof the message post url in a tinyurl and make anyone who clicks on it say whatever you want them to say ;) but that is naturally a weakness in a webchat.. especially with ajax.
here is the speak url:
/room/44/speak?message=message+here
if someone goes to that while in room 44 they will say “message here”
heh.
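The speak URL above changes state on a GET request. Assuming the room identifies the speaker by a session cookie alone, this added example (not from the original post and not Campfire's code; the handler names, the `authenticity_token` parameter and the status codes are assumptions) models that handler next to one that requires POST plus a per-session token:

```ruby
require 'securerandom'

# Constructed model of a chat "speak" endpoint; all names are hypothetical.
Session = Struct.new(:user, :csrf_token)

def new_session(user)
  Session.new(user, SecureRandom.hex(32))
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Before: any request carrying a valid session posts the message,
# including a GET that the browser issues when a link is followed.
def handle_speak_vulnerable(_method, session, params, room_log)
  return 401 if session.nil?
  room_log << [session.user, params['message']]
  200
end

# After: only POST changes state, and the request must echo a token
# bound to the session, which a page on another origin cannot read.
def handle_speak_hardened(method, session, params, room_log)
  return 401 if session.nil?
  return 405 unless method == 'POST'
  return 403 unless secure_equal?(params['authenticity_token'].to_s, session.csrf_token)
  room_log << [session.user, params['message']]
  200
end

def demo
  session = new_session('harper')
  log = []
  linked = { 'message' => 'message here' }  # parameters a followed link supplies
  form = linked.merge('authenticity_token' => session.csrf_token)
  { vulnerable_get: handle_speak_vulnerable('GET', session, linked, log),
    hardened_get: handle_speak_hardened('GET', session, linked, log),
    hardened_post_no_token: handle_speak_hardened('POST', session, linked, log),
    hardened_post_with_token: handle_speak_hardened('POST', session, form, log),
    messages_logged: log.size }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Only the first and last calls reach the room log: the session check alone accepts the linked request, while the token check rejects it even when it arrives as a POST.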
6 Responses
Jack Shedd
February 17th, 2006 at 9:46 pm
It should be pretty easy to secure the posting using server sessions, wouldn’t it?
cocolo
February 25th, 2006 at 10:07 am
You’re so cool !
But I think I prefer the 37 Signal guys.
You say your app doesn’t do anything. It could but the only thing it could do is harm. Really, you are so powerful ! Thanks for the community that needed another one like you.
nata2
February 25th, 2006 at 5:05 pm
Yea.. the 37signals guys are pretty cool. I like their stuff.
Well. I guess i feel that if a webapp has some exploits and the people who created the webapp are not interested in listening to problems with it - then those problems should be released. Not to exploit the webapp - but to make sure that developers see how security vulnerabilities happen and how they exist. This should and will allow people to develop better applications. EVEN the 37signals guys.. OMG.
And it is obviously not about power. but you are right.. it is about being cool.
And.. i DO think that the community needs more people interested in talking about PROBLEMS and security issues within web applications. Especially if applications are targeted towards businesses and what not.
Security through obscurity is not security.
youpy
February 26th, 2006 at 8:13 am
Here’s another campfire bot (greasemonkey script).
http://www.bigbold.com/snippets/posts/show/1517
nata2
February 26th, 2006 at 10:46 pm
Nice work..
Mark Coates
October 24th, 2006 at 12:57 pm
The only way that we can grow these apps together is through pushing the limits, like Harper has done. nata2 is right, too:
“Security through obscurity is not security.”
At least 37signals are being transparent, sharing the API and seem at least willing to acknowledge limitations and holes.
We recently wrote a bot mod for Campfire, too. Check it out. Keep posting!
Nata2.org is © 1997-2008 Harper Reed. Theme stoled and inspired by the great BloggingPro theme by: Design Disease