stickam?

DeFRaG · **Posted:** 22 Apr 2008 11:02

Well im just curious is there any sort of fake players bug or something for stickam.com? Basically theres a few like chatrooms of some sort on the site and well i was just wondering. And well sorry if this is posted in the wrong section :P lol. Thanks

aluigi · **Posted:** 22 Apr 2008 18:51

I already looked a bit to stickam in the past and if I'm not in error it's all flash based or, in any case, had something which didn't lead to a project.
Anyway I don't write fake players for centralized networks.

Sethioz · **Posted:** 23 Apr 2008 19:23

maybe ill take a look in it ..
im not a programmer and not able to write tools like Luigi does, but usually im able to spam/flood chatroom in some way with packet tools.

most chatrooms are very vulnerable anyways. in one chatroom its possible to talk under other names..using only ''tamperdata'' (its a firefox add-on).

if you know something about packet editors..you could try them. im using commview and WPE pro mostly... one of them always works (unless its challenge response system, but i doubt it exists in chatrooms)

shouldn't this be in the fake players ?

DeFRaG · **Posted:** 26 Apr 2008 13:55

alright sweet by any chance you already have something for just!n.tv as well or no lol be so fucking funny dude anyways ttyl and thanks.

DeFRaG · **Posted:** 27 Apr 2008 11:04

sorry for the double post but how would i get around a ban on just!n.tv? ive tried proxy and web site proxy but seems to not work not sure what else to do lol :D. Thanks for any help i apprectiate it.

Sethioz · **Posted:** 28 Apr 2008 05:27

nonsense...proxy ALWAYS works .. unless its some country based site where you can only access it from known country.

get TOR ..best proxy.

DeFRaG · **Posted:** 28 Apr 2008 08:32

Trust me man it doesnt work if u use a website proxy the video ur trying to view would say Close Popup or some shit like that and for my own proxy ive tried and well I get there but the video and shit just doesnt load they dont load for some reason its so fucking weird :P.

aluigi · **Posted:** 28 Apr 2008 11:06

maybe it's some unique identifier sent by your browser (or flash)

DeFRaG · **Posted:** 05 May 2008 04:33

yo do u think flashchatz fake players bug would work in jtv?

aluigi · **Posted:** 05 May 2008 11:15

no, flashchatz has been build using the specific protocol of the Flashchat application

DeFRaG · **Posted:** 06 May 2008 05:22

ok lol i had no clue i saw flash i was like let me try this haha but yea ive tried fucking around with jtv but i cant really figure out anything

Sethioz · **Posted:** 06 May 2008 06:45

jtv works just FINE with proxy .. just tested it. everything works. loads videos ..etc.
lil bit slow, but it depends wht proxy its connected to.

oh and did you guys tested some packet editors on chat ?

DeFRaG · **Posted:** 29 May 2008 08:33

roflmao i just saw the most awesome shit ever. I was thinking about making something like this but i dont see how i would make it so the people would all login on the site but look at this screenshot i took when i went into a just!n.tv channel lmfao so funny. i was going to rage the bitch in the channel make her go to a fucked up website so hard for dumbass people on the internet to close lol but yea this happened and made her broadcast like stop lol.

anyways if u know of a place to get this JTV Fl0od3r or w/e lol let me know or if u can create one please do so becuz it would be so fucking epic lol anyways im out later fella's.

Sethioz · **Posted:** 29 May 2008 15:09

dude try the damn packet editors on it.
im sure you can do that with packet editor.
to me it seems like a flood from a wordlist. basically you can also do this by resending join+text packets.
recently i tested packet editing in one other web-based chatroom and there you can chat under other persons names lol. good way to get somebody kicked.

DeFRaG · **Posted:** 29 May 2008 15:59

cool i didnt think of that do u think u can tell me a good one to use or tell me the one that guy might have been using :D?

btw thanks

DeFRaG · **Posted:** 30 May 2008 06:33

rofl nvm i found out that just!n.tv chatrooms are using irc so yay more fun :P lol this is gonna be fucking epic lulz.

aluigi · **Posted:** 30 May 2008 09:49

the protocol used by a program is the first thing you needed to check... big error DeFRaG 8-)

Sethioz · **Posted:** 30 May 2008 17:27

uhm.. maybe ill check it today and see what i can do.

Sethioz · **Posted:** 30 May 2008 18:02

i made few quick tests on it.
it is protected against simple flooding. it means you can't send one message again in no less than 30 secs. so if you send a word ''test'' and try to send it again before 30 secs then it wont allow it, but tht doesnt mean you can flood lol.
I used WPE pro and it works just fine. i captured one packet containing '':)'', added it into send list like 20 times. then i edited each packet so content was ''01'', ''02'' ..etc. flood worked just fine.
NOTE - you can't actually see it, because you are sending them with WPE pro not with your web browser. only other ppl there can see it. so if you make enought packets .. like 100 and set it to send 100 in 30 seconds and each packet contains different text, then you should have no problem flooding it. more different packets = faster you can flood it.

same goes for users. it doesnt need any verification, just register and login. im not that good in C to write fake player tool, but i could do it with packets. capture one registration, save packets, then modify username...and just send packets again. in theory it should work, but i didnt test it. so ask Luigi, maybe he will write a fake 'player' tool.

also something that is very wierd..usually i use tamper data (firefox add-on) to mess with chatrooms, but it doesnt even ''see'' the data on this site. i mean not the chat...it should pop up and ask wht to do with the data you trying to send, but it doesnt react on it.

anyways it was a quick reply..maybe i will make some more tests. like join/leave test and such.

DeFRaG · **Posted:** 31 May 2008 02:09

lol thanks luigi :P

also i think u should try doing what he said hehe that be fucking awesome :P and sethioz thanks for that.

also sethioz if you dont mind can you explain a bit more i mean im fine with my user name sending the data but how would i make it so i can get alot of other usernames to send data as well?

Sethioz · **Posted:** 31 May 2008 17:28

well in theory .. everything is packet based lol. I post = i send a ''post'' packet containing THIS text.

so in theory its possible to flood with user+msg, just like its on this screenshot. you simply have to make lot of users and record the login process+msg flood, but you need to filter out right packets.
then add all those packets into WPE pro's send list in right order .. and just resend them all. but best way is still to make cmd based flooder (fake player) like Luigi makes them :)

DeFRaG · **Posted:** 05 Jun 2008 13:38

ok cool i spammed a bit over IRC which was pretty funny but now they have it so the account needs password so i guess that sucks now but its w/e it was fun while it lasted lol and thx for the help. also i thought id ask luigi u think u can possibly make a fake players bug in the near future :D?

aluigi · **Posted:** 05 Jun 2008 14:42

a fake players for IRC?!?!? oh no no no
fake players have sense only in specific applications and moreover in games

Sethioz · **Posted:** 06 Jun 2008 00:17

basically it isnt a IRC if u look at webpage. it would be similiar to flashchat.
1 - makes user (user + pass)
2 - logs in + spams random text (becaus login does not give any msg)
but bad thing is tht .. it would be specifically for this website then.

uh ?? as far as i know . .u always had to register there to be able to chat

high6 · **Joined:** 19 Apr 2008 00:59 **Posts:** 42

Aren't stickam packets encrypted/compressed?

Sethioz · **Posted:** 06 Jun 2008 14:46

nope its plain text.
if you monitored it .. you only saw the video. which ofc looks like ??#"??"#??"#??. its data .. thts why. chat is still in plain text.
its very hard to filter it out, because chat and video r in same port.

Code:

Packet #1
C."??..??....doServer.............type...1..trans...........event...chatMsg..msg...blahlol..channel..   175519017.   fontColor...0000FF..fontS??ize...12..font..._sans..from...u129..to...all..

this is a text packet.

high6 · **Joined:** 19 Apr 2008 00:59 **Posts:** 42

ah, I really need to remake wpe pro already XD. Would help for this kind of sniffing.

Sethioz · **Posted:** 07 Jun 2008 01:15

remake ?
wpe pro isnt good for this anyways. use commview. i didnt look into it, but im sure that those video and audio packets can be filtered out. so it leaves only the chat packets.
or you can simply make a filter for chat (which isnt best idea, cuz there maybe more stuff to look than only chat)

Code:

str(chatMsg)

and set it to capture this packets. this way it captures only the sent chat messages (or you can choose any other string to capture from chat packet).
this is how i found it, i set rule to catch my message text only.

high6 · **Joined:** 19 Apr 2008 00:59 **Posts:** 42

Code:

http://player.stickam.com/flash/sti.ckam/stickam_chat_medium.swf
?ver=2.3.22
&flashPath=http://player.stickam.com/flash/stickam/
&defaultMedia=slideSho.w
&langID=en
&userName=high6
&hostName=http://www.stickam.com
&playerID=552722
&userID=173752006
&autoplay=1
&bgcolor=D900FF
&.photo=http://static.stickam.com/media/image/converted/flash/1737/5200/6/6b7582f4-29a8-11dc-8b70%.2D1516e8d68f34.jpg
&userSiteID=1015547
&sessionType=115
&skinType=medium
&userIP=127.0.0.1
&app=stickam_chat_medium.swf.
&skinName=medium0
&userType=204
&minDiskSpace=100000

A setting it sends. The random periods are 0xC3. Possibly a continue for long strings?

Also it uses rtmp for streaming.

Sethioz · **Posted:** 12 Jun 2008 07:58

hmmm.
better try to filter out ALL video and audio packets, leaving only chat.
kind a confusing..it uses same port for all 3 - chat, video, audio.

Luigi Auriemma

stickam?