Taking a look at Omegle


Post by thedotmaster on Mon Jul 20, 2009 7:17 am

Hey guys, it's been a while since I've hung around these parts. I thought I'd come back for a little while at least and share some things I've been working on. One of these is Omegle, which is at http://omegle.com.
For those who don't know, it's basically a site that lets you chat with a stranger that you are randomly assigned. It's an interesting idea and has sparked an infinite number of funny conversations.
Everything that I'm about to say has been worked out simply by reading the source, packet sniffing and just generally prodding around. There may be errors in it and if you notice one, please correct me. :D

Omegle is one big ball of AJAX, running from a single page (and receiving data from a number of others) and using the MooTools JavaScript library (http://ajax.googleapis.com/ajax/libs/mootools/1.2.1/mootools-yui-compressed.js). The code that powers Omegle can be found at http://omegle.com/static/omegle.js

First things first, when you go to omegle.com you see a big button with "Start a chat" on it. Clicking it brings up a conversation window. However, behind the scenes we are making our first AJAX request (minus the /count one, I'll mention that later). This request is an HTTP POST to http://omegle.com/start. The post request actually contains nothing but the result is what is interesting - the stranger ID. This is a 6 digit code such as "8Ekxwo" consisting of the characters a-z A-Z 0-9 _ -. This seems to be randomly generated. Right now I don't know whether your stranger will always have that ID, or just for your conversation and when disconnected will be generated a new one.

Overview

Each page corresponds to http://omegle.com/[page] so /events would be http://omegle.com/events
These pages accept post requests only. I have included HTML and PHP code at the bottom for posting to these URLs.

/events
This page sends the server's responses to the client (which is the javascript running in your browser). When your stranger types, your client learns of it here. Information is retrieved from it by sending the stranger's ID. This is a possible point for exploitation as there seems to be no validation to check whether the stranger ID that you provide is in fact yours. This is backed up by the lack of a session cookie to identify the user. By spoofing a correct stranger ID, you may be able to spy on other people's conversations.

Here are the various bits of information that /events will send out:
  • "waiting" - This is the first bit of information that /events will send to the client, indicating that the stranger has not yet connected.
  • "connected" - This simply shows that the stranger has connected and is ready to receive messages.
  • "typing" - This is shown each time the user starts typing and is used to display the message "Stranger is typing"
  • "gotMessage","data" - This is a message sent by the stranger (note that data would be replaced by the stranger's message). Your messages do not appear here.
  • "strangerDisconnected" - Pretty self-explanatory.

/send
This is where your messages are sent to and through it, are routed to the /events belonging to the stranger. This is where a nice vulnerability seems to lie in Omegle, though I haven't tested it myself. It would seem that you can send a message to whoever the hell you want, as long as you have their 6 character ID. In fact, it would seem that you can do whatever the hell you want to them - including disconnecting them.
Now in fairness, it's just a bit of fun - there shouldn't be any personal information being shared and besides, if you're sharing some data with one stranger - what does it matter if another stranger takes a look? Course, if it does extend to disconnects then things could get kinda annoying for Omeglers.

The HTTP looks like this:
Code:
POST /send HTTP/1.1
Host: omegle.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: http://omegle.com/
Content-Length: 18
Pragma: no-cache
Cache-Control: no-cache

msg=test&id=Fd5r2P


/typing
You send the stranger ID to this to indicate you are typing and again to indicate that you stopped. Again you may be able to spoof the stranger ID, though why you'd want to I don't know. :)

/count
This is something I stumbled across and it made me chuckle at their cheekiness. Notice that "XXXX users online" thing? It's a randomly generated number gathered from /count. It's requested with the GET argument 'rand', which is a random number generated by javascript. A seemingly random number is then generated from this.

/disconnect
Displays a "Your conversational partner has disconnected." message to the stranger whose ID has been passed to it.

Some code and some more explanation..

Now, if you're interested in writing a client or an Omegle bot (and if you succeed please tell me about it), here's some Python code that might help:
Code:
import socket  # Whilst I first attempted to use urllib2, there were some really strange problems with it so turned to sockets.

def post(where, what):
    s = socket.socket()  # implicit, i know  ;)
    s.connect(("207.192.69.188", 80))    # 207.192.69.188 is the Omegle IP
    s.send("POST /%s HTTP/1.1\r\n" % where)
    s.send("Host: omegle.com\r\n")
    s.send("Content-Type: application/x-www-form-urlencoded\r\n")
    s.send("Content-Length: %d\r\n" % len(what))
    s.send("Connection: close\r\n")
    s.send("\r\n")   # a blank line ends the headers
    s.send(what)     # the POST data goes in the body, after the headers
    ret = s.recv(1024)
    s.close()
    return ret

data = post("start", "").split("\r\n")
StrangerID = data[-1][1:-1]  # the last line is the ID wrapped in double quotes
print "Stranger ID:", StrangerID


Okay, yeah.. I admit that code is horrible - but it gets you your stranger ID.
Now Omegle posts that stranger ID, under the name 'id', to http://omegle.com/events - again using AJAX. For this I wrote a quick HTML form:
Code:
<form method='post' action='http://omegle.com/events'>
<input type='text' name='id' value='[stranger ID]' />
<input type='submit' value=''/>
</form>


If you try that you'll probably be asked whether you want to download a file. Try downloading it and opening it in a text editor. This is what mine looked like:
[["waiting"], ["connected"], ["typing"], ["gotMessage", "hi"], ["strangerDisconnected"]]


Yeah.. they said hi to me and I ignored them.. whoops :p
But this little snippet has told us all we really need to know about the events protocol and it's pretty self-explanatory too.



Now let's go through this step by step.
While the conversation is running, the client (the javascript in your browser) is constantly checking /events for updates. With each check of /events, it sends the stranger ID it was given. If nothing has happened, the result is "null" - otherwise the data comes back in an array. It is then parsed and shown to the user in the chat box.

When the user starts to type something, the client detects this and sends the stranger ID to /typing. If they stop typing, they repeat this. If they then decide to send the message, it is posted to /send as msg=hello%20world&id=aj23SV, for example.

The /events page for your stranger will then show the message that you sent as [['gotMessage','hello%20world']]

If you wish to disconnect, the stranger ID is sent to /disconnect and /events page shown when entering your ID will be updated accordingly.
If your stranger decides to disconnect then the data is shown in /events when the stranger ID is passed to it.

Extra bits of code:
Code:
<?php
// This function is from http://netevil.org/blog/2006/nov/http-post-from-php-without-curl
// It's pretty fab at posting stuff to websites.
function do_post_request($url, $data, $optional_headers = null) {
$params = array('http' => array(
                 'method' => 'POST',
                 'content' => $data
                 ));
if ($optional_headers !== null) {
  $params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
  throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
  throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
?>


Code:
# An easier way to post something in Python, but does not seem to work for omegle (though works locally) as far as I can see.
# If anyone can figure out why, please say!
import urllib
import urllib2

o = "http://omegle.com/"  # base URL that the page names are appended to

def SaySomething(what, id):
    # urlencode escapes spaces and other special characters itself
    data = urllib.urlencode({"msg": what, "id": id})
    request = urllib2.Request(o + "send")
    return urllib2.urlopen(request, data=data)


I hope this helps or at least interests people. Feel free to copy/distribute/modify - but please quote "dotty" as the source.
Please post any corrections to this, and your own code and comments. Thanks.
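Added example, not part of the original thread and not Omegle's code: a small in-memory model contrasting the ID-only design the first post hypothesises (the author notes it is untested) with a variant where each client authenticates with its own random session token and the server chooses the recipient. All class and method names are hypothetical; the sample ID is the one from the HTTP capture above.

```python
import secrets

class IdOnlyBroker:
    """Model of the design the post hypothesises: the ID in the request body
    selects the event queue, and the server never checks who is asking."""
    def __init__(self):
        self.queue = {}                        # ID -> pending events

    def start(self, conv_id):
        self.queue[conv_id] = [["waiting"]]

    def send(self, conv_id, msg):              # any caller, any known ID
        self.queue[conv_id].append(["gotMessage", msg])

    def events(self, conv_id):                 # likewise readable by anyone
        out, self.queue[conv_id] = self.queue[conv_id], []
        return out


class SessionBroker:
    """Hardened variant: a client presents only its own secret token and the
    server decides which queue the request touches."""
    def __init__(self):
        self.queue = {}                        # session token -> pending events
        self.peer = {}                         # session token -> partner's token

    def start(self):
        token = secrets.token_urlsafe(32)      # 256 random bits, given to one client
        self.queue[token] = [["waiting"]]
        return token

    def pair(self, a, b):
        self.peer[a], self.peer[b] = b, a
        for t in (a, b):
            self.queue[t].append(["connected"])

    def _check(self, token):
        if token not in self.peer:             # unknown, guessed or unpaired
            raise PermissionError("no such session")

    def send(self, token, msg):
        self._check(token)
        self.queue[self.peer[token]].append(["gotMessage", msg])

    def events(self, token):
        self._check(token)
        out, self.queue[token] = self.queue[token], []
        return out
```

In the second class a client never learns or names its partner's identifier, so there is nothing to spoof; in a real deployment the token would travel in a cookie or header over HTTPS rather than in a form field.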


Re: Taking a look at Omegle

Post by godofcereal on Mon Jul 20, 2009 7:52 am

Welcome back :). I'm on that site now and it just feels wrong, I could be talking to a pedo... Anyway nice finds on it :)
I'm off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)


Re: Taking a look at Omegle

Post by thedotmaster on Mon Jul 20, 2009 7:55 am

godofcereal wrote: Welcome back :). I'm on that site now and it just feels wrong, I could be talking to a pedo... Anyway nice finds on it :)


Thanks, it's good to be back :)
Yeah, it's kinda weird but I like the idea. It shows a lot about what people are like when they have anonymity.


Re: Taking a look at Omegle

Post by odomobo on Sat Jan 30, 2010 9:38 am

I created an account so I could say thanks; you made my weekend project possible -- an omegle chatbot (megahal).

http://joshodom.net/omegle_hal/

I wrote it in Perl. I could give you the code if you'd like.


Re: Taking a look at Omegle

Post by thedotmaster on Sat Jan 30, 2010 7:21 pm

odomobo wrote: I created an account so I could say thanks; you made my weekend project possible -- an omegle chatbot (megahal).
http://joshodom.net/omegle_hal/
I wrote it in Perl. I could give you the code if you'd like.


I'd love to see the code, that'd be brilliant! Could you post it in this thread if possible, instead of via PM, so that everyone can benefit from it. Awesome work :)


Re: Taking a look at Omegle

Post by DamegedSpy on Sat Jan 30, 2010 7:58 pm

OMG LOL xD

It sometimes looks like intelligent. And sometimes as a fag.
This is a very nice hack. GJ odomobo.

And yes, we would love to see the source code.


Re: Taking a look at Omegle

Post by thetan on Sat Jan 30, 2010 10:17 pm

http://github.com/phleet/Omegle-Voyeur
^^ completely awesome

I read somewhere that people have even employed such techniques and used IRC bots to forward the convos to special IRC channels in real time. Someone should totally do this for HTS IRC for lulz <3
"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein


Re: Taking a look at Omegle

Post by DamegedSpy on Sat Jan 30, 2010 11:34 pm

LOL.

I vote for a yes. Woot!
For the other part. I hate when they use security by obscurity :evil:
So basically this is a giant MiTM opportunity xD. Has someone filed a bug report yet?


Re: Taking a look at Omegle

Post by thetan on Sun Jan 31, 2010 2:45 am

DamegedSpy wrote: So basically this is a giant MiTM opportunity xD. Has someone filed a bug report yet?

Why would anyone do something so homo like that?

It's completely anon as is, no harm no foul, it's just awesome.


Re: Taking a look at Omegle

Post by faazshift on Sun Jan 31, 2010 3:11 am

thetan wrote: I read somewhere that people have even employed such techniques and used IRC bots to forward the convos to special IRC channels in real time. Someone should totally do this for HTS IRC for lulz <3

A channel that keeps connecting, where everyone can participate would be awesome. If only I had the time to make such a bot.....

