Twitter for Fun and Profit

by xnite

On Twitter, there are many bots, most of which are run by one piece of software, which steals someone's account when their computer is infected.  Today, I'm going to show you a new type of Twitter botnet which does not illegally infect computers, or steal anyone's accounts.  Keep in mind, this may be breaking Twitter's terms of service, but this is not breaking the law.

Step One: you will need to learn Twitter's oAuth protocol.  There are many websites which will give you a tutorial on setting up oAuth, but for time's sake, I won't go into that.  In my code, I decided to use the TwitterOAuth class which, if you Google it, you should have no issue finding.  Okay great, so you got oAuth, now what?  You need to study oAuth and learn it, make it your own, and learn how to make your code send out a tweet, follow people, change account information, unfollow people, etc.  For this demonstration, I have thrown together two pieces of code below demonstrating how to follow someone and tweet in PHP with oAuth.

<?php
function tweet($consumerKey, $consumerSecret, $oAuthToken, $oAuthSecret, $message) {
  $tweet = new TwitterOAuth($consumerKey, $consumerSecret, $oAuthToken, $oAuthSecret);
  return var_dump($tweet->post('statuses/update', array('status' => "$message")));
}

function follow($consumerKey, $consumerSecret, $oAuthToken, $oAuthSecret, $user_id) {
  $tweet = new TwitterOAuth($consumerKey, $consumerSecret, $oAuthToken, $oAuthSecret);
  return var_dump($tweet->post('friendships/create', array('user_id' => "$user_id")));
}
?>

With those two functions in your code, you reduce the number of lines you need to make your bots perform each action.  This is also good because if you messed something up, instead of having to go through this piece of code a hundred times, you can just fix the function, so it reduces the testing time when you think you are about ready to launch.

Now that you have the two functions you'll need for a basic setup, you need to come up with how you will set up your bot database, and write functions to call data from that database.

I decided to make a plain text file database and call each line as an array, so the database structure is as such:

username consumerKey consumerSecret oAuthToken oAuthSecret

The username isn't required to be in the database, as the only things you will need are the oAuth keys and tokens, but this greatly helps identify each bot later down the road, so I put it into my database.  The next step is to write another function which can pull the bots' oAuth info from the database.  Luckily with the way arrays work, depending on the line of which the bot is on, we can pull the data based on this line.  Here is a simple function below to pull the bots' data from the database by line number, and throw it into an array based on the database scheme:

<?php
function database_count_bots() {
  return count(file('./botnet.db'));
}

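function database_read_bot($userid) {
  // FILE_IGNORE_NEW_LINES strips the trailing newline so it does not end up in the last field
  $database_array = file('./botnet.db', FILE_IGNORE_NEW_LINES);
  if(!isset($database_array[$userid])) {
    return "BAD/404";
  }
  else {
    return explode(" ", $database_array[$userid]);
  }
}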
?>

The first function will count the number of bots listed in the database.  The last bot listed would be that number minus one.  So if database_count_bots() returns 3, to pull the very last bot's data in the DB we will use the command database_read_bot(database_count_bots() - 1); as the database index starts at 0 and the count starts at 1.

Now that I've given you a few functions, I think it should be rather easy for you to code something around these functions to make a completed working project.  Remember, I did this in under 24 hours over the weekend.  It's time that we move onto actually using the botnet.

When using your Twitter botnet, you need to keep a number of things in mind.  First of all, you may have the ability to Tweet a message across all the bots, but Twitter may notice this and shut them down.  Also, it's a good idea to sign up your bot accounts via different IP addresses in order to better reduce the risk of, once again, getting caught.

At the time of writing this article, the Twitter oAuth API allows for 350 requests per app per hour.  I'm not sure what the limit is on a per IP basis, so just be smart and use your botnet sparingly.  Another thing to keep in mind is that you not only want Twitter to be convinced that each bot is a human, but you also need for other Twitter users to think it is human as well.  So in my web UI, I made it capable of sending a tweet by a click of a button from only one bot.  I also created a feature to allow bots to "Tweet Jack" making each bot follow someone and post that person's tweet as their own, being sure not to include anything with a mention, as the person mentioned may notice and report back to the person whose tweets you are jacking.
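Seen from the defender's side, both behaviours described above (one message tweeted across all the bots, and "Tweet Jack" reposting of a followed user's tweet) leave a duplicate-text signal. The following is an added example, not part of the original article or the author's code; the record layout, account names, one-hour window and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records: (tweet_id, account, unix_time, text)
TWEETS = [
    (1, "alice_writes", 1000, "Just finished my first marathon! #running"),
    (2, "bot_a", 1600, "Just finished my first marathon!  #running"),
    (3, "bot_b", 1700, "just finished my first marathon! #Running"),
    (4, "carol", 2000, "Coffee first, then code."),
    (5, "bot_a", 5000, "Cheap followers here http://example.com/x"),
    (6, "bot_b", 5040, "Cheap followers here http://example.com/y"),
    (7, "bot_c", 5100, "cheap followers here http://example.com/z"),
    (8, "dave", 9000, "Coffee first, then code."),
]

def normalize(text):
    """Lower-case, replace URLs with a token, collapse whitespace."""
    text = re.sub(r"https?://\S+", "<url>", text.lower())
    return " ".join(text.split())

def duplicate_clusters(tweets, window=3600, min_accounts=2):
    """Group tweets by normalized text and keep groups in which at least
    min_accounts distinct accounts posted within `window` seconds of the
    earliest copy. Returns {normalized_text: [accounts in posting order]}."""
    groups = defaultdict(list)
    for _id, account, ts, text in tweets:
        groups[normalize(text)].append((ts, account))
    flagged = {}
    for text, posts in groups.items():
        posts.sort()
        first_ts = posts[0][0]
        accounts = []
        for ts, account in posts:
            if ts - first_ts <= window and account not in accounts:
                accounts.append(account)
        if len(accounts) >= min_accounts:
            flagged[text] = accounts
    return flagged

def repeat_participants(flagged, min_clusters=2):
    """Accounts that appear in several duplicate clusters. A user whose
    tweet was copied once shows up in one cluster; accounts driven by
    the same controller keep reappearing together."""
    counts = Counter(a for accounts in flagged.values() for a in accounts)
    return sorted(a for a, n in counts.items() if n >= min_clusters)

if __name__ == "__main__":
    clusters = duplicate_clusters(TWEETS)
    print(clusters)
    print(repeat_participants(clusters))
```

The earliest account in a cluster is usually the copied author rather than a bot, which is why the second function ranks accounts by how many clusters they recur in instead of flagging every cluster member.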

After fine-tuning your bots and their evasion techniques, and further automating the system, it's time that you focus on getting your bots followers.  To get followers for your bots, there are some great hashtags.  Try following other bots that help you get followers, and post hashtags like #teamfollowback and #teamautofollow.  This is a sure way to get at least a good 50 followers daily.  After you have accumulated a decent amount of followers and are growing, there is at least one great website I should mention where you can use your bot accounts to turn all of your hard work and effort into cold hard cash.  This website is Pay4Tweet.com.  They allow you to add your bots' accounts into your account with them, and then you can set pricing for tweets from your bots.  People are always looking to spam or get more followers.  Charge somewhere in the area of $1 per tweet and you are golden.  The more followers your bots have, the higher up in the list they will be on the Pay4Tweet website.  I should mention that people are more likely to pay for a $1 tweet from a bot with 10,000 followers than they would for a $5 tweet from a bot with 100,000 followers.  This is because, although the pricier accounts may have more followers, buyers can get more exposure by spending the same amount of money to send out more tweets.

Now that you have your Twitter botnet, and you know where to go to make all that effort pay off, go out and have some fun, sit back, relax, and watch that cash flow in.  For help, or if you would like to request to view the source of my code, please contact me via email.
