Hacking MessageParty with HTTParty

From Mashable: “MessageParty, an early-stage YCombinator-funded startup, takes the classic concept of a chat room and adds a geosocial twist by making any chat room location-aware.” Here’s the TechCrunch link.

Not a new idea. But the app is actually pretty cool in its simplicity (though still rough around the edges), and I found the video absolutely hilarious; it illustrates the new world we live in:

Ok cool… hacking time now. I’ve been really interested in real-time mobile stuff lately, so I was curious about how this service works. Enter Wireshark (formerly Ethereal), a packet sniffer. So I connected my iPhone to WiFi and started looking around… they pass the messages around via plaintext HTTP in JSON payloads… looks like the client polls the server with a GET every few seconds. Simple enough… Ok, let’s set up a filter “http && ip.addr ==” (that’s their server’s IP) and take a better look:

Simple enough… they’ve got some kind of Ruby app up behind the scenes: the client GETs /rooms/:id/roommessages.json to fetch new messages, and POSTs to /roommessages.json to send outgoing messages. The JSON payload basically just has your profile pic URL, your user_id, the room_id and the message you want to send.

Let’s continue the MessageParty with HTTParty!

Fake the headers, fake the JSON payload, cuz they be faking everybody out there … and voila…

I don’t mean to be an ass, but this just ain’t gonna fly… I didn’t check if they rate limit, but you can pretty much spoof anything in there… I know it’s a very early version, but come on, guys… you got YC funding and tons of press… surely you could have done better for the first version?
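For contrast, here is what the server side of that POST /roommessages.json endpoint should be doing with a payload like the one above. This is an added example of mine, not MessageParty’s code: the class, its token and room-membership lookups, and the 5-per-10-seconds limit are all assumptions. The point is that user_id comes from the authenticated token, never from the JSON body, and that the endpoint rate-limits per user.

```ruby
require 'json'

# Constructed example of a guard in front of POST /roommessages.json.
# Hypothetical names and policy; not MessageParty's actual implementation.
class RoomMessageGuard
  def initialize(token_to_user:, room_members:, limit: 5, window: 10)
    @token_to_user = token_to_user  # bearer token -> user_id (assumed session store)
    @room_members  = room_members   # room_id -> list of member user_ids
    @limit, @window = limit, window # at most `limit` posts per `window` seconds
    @sent = Hash.new { |h, k| h[k] = [] } # user_id -> timestamps of accepted posts
  end

  # Returns [http_status, result]: [201, message_hash] on success, [4xx, reason] otherwise.
  def handle(headers, body, now: Time.now)
    # Identity is derived from the credential, not from the body's user_id field.
    token   = headers['Authorization'].to_s[/\ABearer (\S+)\z/, 1]
    user_id = @token_to_user[token]
    return [401, 'missing or unknown token'] unless user_id

    begin
      payload = JSON.parse(body)
    rescue JSON::ParserError
      return [400, 'malformed JSON']
    end

    room_id = payload['room_id']
    members = @room_members.fetch(room_id, [])
    return [403, 'not a member of that room'] unless members.include?(user_id)

    text = payload['message'].to_s
    return [400, 'empty or oversized message'] if text.empty? || text.length > 500

    # Sliding-window rate limit keyed on the authenticated user.
    recent = @sent[user_id]
    recent.select! { |t| now - t < @window }
    return [429, 'rate limit exceeded'] if recent.size >= @limit
    recent << now

    # Whatever user_id or profile pic URL the client sent is ignored; the server
    # stamps the message with the identity it verified itself.
    [201, { 'user_id' => user_id, 'room_id' => room_id, 'message' => text }]
  end
end
```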