h/twtfakelinks
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
twtfakelinks/static/index.html

56 lines
3.4 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/style.css">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=DM+Sans:ital,wght@0,400;0,500;0,700;1,400;1,500;1,700&display=swap" rel="stylesheet">
<title>doing a little bit of trolling</title>
</head>
<body>
<h1>doing a little bit of trolling</h1>
<p style="color: red">This was patched after <a href="https://twitter.com/1lexxi/status/1731427821946364000">a viral post</a> was made about the same vulnerability. This page remains online just as an archive, and so the few links made with it don't break.</p>
<p>Wanna post a link, but have Twitter not notice? For some reason? This may be the tool for you ;)</p>
<input placeholder="URL to redirect to here" autocomplete="off" type="url" name="link-for-the-world" id="link-for-the-world">
<input placeholder="URL Twitter displays here" autocomplete="off" type="url" name="link-for-twitter" id="link-for-twitter">
<div id="result-stuff" class="result-stuff" style="display: none">
<p>Here's your URL to use on Twitter (don't blame me if you get banned lol):</p>
<code id="result-link" class="result-link"></code>
</div>
<p>For example, put a link to your Mastodon profile in the first input box, and put a link to Elon's Twitter profile in the second box to make a link that looks like it goes to Elon's profile but goes to your Mastodon instead when clicked.</p>
<div class="demo-graphic">
<img src="/elon-link-card.png" alt="Screenshot of a Twitter card for Elon Musk's profile" class="link-card-graphic">
<img src="/arrow.png" alt="arrow" class="arrow-graphic">
<img src="/mastodon.svg" alt="mastodon logo" class="mastodon-graphic">
</div>
<p>(This could be used to make phishing links, sorry about that, but Twitter has had this unpatched for so long now and have been warned about this vulnerability multiple times, so they allowed this to happen.)</p>
<br>
<p>made with ❤️ by <a href="https://fuckgov.org">fuckgov.org</a> - <a href="https://git.gay/h/twtfakelinks">source code</a></p>
</body>
<script>
function isValidUrl(str) {
return /^(https?:\/\/.)[-a-zA-Z0-9@:%._\+~#=]{2,256}\..{2,15}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)$/.test(str)
}
function onInputChange() {
let worldLinkUrl = document.getElementById('link-for-the-world').value
let twitterLinkUrl = document.getElementById('link-for-twitter').value
if (!isValidUrl(worldLinkUrl)||!isValidUrl(twitterLinkUrl)) {
document.getElementById('result-stuff').style.display = 'none'
document.getElementById('result-link').innerText = 'invalid URLs (be sure both are proper URLs beginning with https://)'
return
}
document.getElementById('result-stuff').style.display = 'block'
worldLinkUrl = worldLinkUrl.replace(/https?:\/\//, '')
twitterLinkUrl = twitterLinkUrl.replace(/https?:\/\//, '')
let urlOfPage = new URL(window.location)
urlOfPage.pathname = `/${btoa(worldLinkUrl).replace(/=/gm, '')}/${btoa(twitterLinkUrl).replace(/=/gm, '')}`
document.getElementById('result-link').innerText = urlOfPage.href
}
document.getElementById('link-for-twitter').addEventListener('input', onInputChange)
document.getElementById('link-for-the-world').addEventListener('input', onInputChange)
</script>
</html>
Reference in a new issue View git blame Copy permalink