Testing if phishing works on Twitter (experiment)
Demo: https://x.com/_RobinRoy/status/1731364248771527133?s=20
This link redirects to https://chat.openai.com/ and not to https://x.ai as the thumbnail suggests.
This has far-reaching consequences, because it effectively bypasses "any" link firewall Twitter puts in place:
- it effectively bypasses the Twitter/X safety link filter.
- Twitterbot has no way of knowing which page the link will actually take a user to, so scamming users and bypassing the Twitter/X firewall becomes very easy.
Twitterbot fetches the posted link and reads the Location response header to find its "real" URL (in case of redirects). That is why the posted URL does not have to be the same as the URL shown in the OG image.
This makes it very easy to trick people.
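From the defender's side, the preview mismatch described above can be checked for: resolve the same link once with a crawler User-Agent and once with a browser User-Agent and compare where the redirect chains end. The checker below is an added example, not code from this repository; the `Twitterbot/1.0` User-Agent string and the `example.invalid` host in the constructed sample are assumptions.

```python
"""Flag links whose redirect destination differs for Twitterbot and a browser."""
from urllib import request, error
from urllib.parse import urljoin

TWITTERBOT_UA = "Twitterbot/1.0"  # assumed crawler User-Agent string
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
REDIRECT_CODES = (301, 302, 303, 307, 308)


class _NoRedirect(request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop is visible to us."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, user_agent):
    """Return (status, Location header or None) for one request."""
    req = request.Request(url, headers={"User-Agent": user_agent})
    opener = request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, None
    except error.HTTPError as exc:  # 3xx surfaces here once redirects are off
        return exc.code, exc.headers.get("Location")


def resolve(url, user_agent, fetch=http_fetch, max_hops=10):
    """Follow redirects by hand; return (final_url, list of hops)."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(url, user_agent)
        if status not in REDIRECT_CODES or not location:
            return url, chain
        url = urljoin(url, location)  # Location may be relative
        chain.append(url)
    raise RuntimeError("too many redirects for %s" % chain[0])


def is_cloaked(url, fetch=http_fetch):
    """True when the crawler and a browser end up on different pages."""
    bot_final, _ = resolve(url, TWITTERBOT_UA, fetch)
    browser_final, _ = resolve(url, BROWSER_UA, fetch)
    return bot_final != browser_final, bot_final, browser_final


# Constructed offline sample of a cloaking redirector (not a real host):
# the crawler is sent to one site, everyone else to another.
SAMPLE = {
    ("https://example.invalid/go", "bot"): (302, "https://x.ai/"),
    ("https://example.invalid/go", "browser"): (302, "https://chat.openai.com/"),
}


def sample_fetch(url, user_agent):
    kind = "bot" if user_agent.startswith("Twitterbot") else "browser"
    return SAMPLE.get((url, kind), (200, None))
```

Running `is_cloaked("https://example.invalid/go", sample_fetch)` against the constructed sample reports a mismatch; pass a real URL with the default `http_fetch` to check a live link.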
The code is inspired by eykrehbein/fake-og, this tweet, and this.