How To Get Banned From A New Social Network



Messing around with new networks is fun

A few days ago I found a new social network called Coldcast (sounds cold right?). After making an account, opening up the network tab in the browser dev tools and watching some requests... I came up with this stupid idea.

FOLLOW EVERYONE!

I think the total users for coldcast.org is about 2430 at the time of writing this.

The users have an ID most likely based on the database ID. This means we can go from 1 upwards and quite simply send a request using a cookie from the browser login.

  • User ID 1 is the Admin account
  • User ID 2 is a test account

Here's what I came up with...

coldcast.py

import requests
import time
import random
from halo import Halo
import pickledb

def main():
    spinner = Halo(text='Booting up....', spinner='dots')
    spinner.start()

    db = pickledb.load('data.db', False)

    cookies = {
        'PHPSESSID': 'XXXXXXXX',
        's_night_mode': '1',
        'c_user': 'XXXXXXXX',
        'xs': 'XXXXXXXX',
    }

    headers = {
        'User-Agent': 'XXXXXXXX',
        'Accept': 'application/json, text/javascript, */*; q=0.01',
        'Accept-Language': 'en-GB,en;q=0.5',
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
        'Referer': 'https://coldcast.org/',
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://coldcast.org',
        'Sec-Fetch-Dest': 'empty',
        'Sec-Fetch-Mode': 'cors',
        'Sec-Fetch-Site': 'same-origin',
        'Connection': 'keep-alive'
    }

    max_user_id = 2430

    ids = [i for i in range(3, max_user_id)]
    random.shuffle(ids)
    max_wait = 50

    cc = random.randint(max_wait - 15, max_wait + 15)
    c = 0

    for id in ids:
        if not db.exists(str(i)):
            data = {
                'do': 'friend-add',
                'id': str(id),
            }
            response = requests.post('https://coldcast.org/includes/ajax/users/connect.php', cookies=cookies, headers=headers, data=data)
            c += 1
            spinner.text = f'{c}/{cc}'
            db.set(str(id), 'done')
            db.dump()
            if c >= cc:
                spinner.succeed(f'Sent {cc} requests')
                spinner.stop()
                quit()
            time.sleep(random.randint(10, 20))

if __name__ == '__main__':
    main()

The results

After nearly 500 requests over 24 hours it's done.

Thanks for reading. x

Resources