September 3, 2013

Faking Viewers on Twitch TV

Update: It appears that Twitch has capped views to ten per IP. While this method still works, you’ll need to supplement it with proxies or multiple IP’s. It’s still a good read though 🙂

An intro to Twitch:

Twitch is the largest video game broadcasting community. Most professional gamers live stream onto Twitch and almost every major eSporting event is broadcast through Twitch. There are hundreds of thousands of fans at any given time, all watching live streams.

Since there are hundreds of broadcasters simultaneously streaming, only the top broadcasters get featured on the first page of the channel browser. This position is determined by the number of live viewers watching the live stream. As you can see in the picture below, if you are not ranked in the top 7, you get put in the ominous “View All” button.

In most cases, only the well known broadcasters (usually pro-gamers with large fan bases) are featured on the front page, with all the others hidden away. Because of this, it is extremely hard for new streamers to get their content featured and get more fans. This is a huge catch-22, but according to Twitch, it’s the best way to ensure that only good content gets displayed.

Reverse Engineering Twitch’s View Counter

Although I do not personally play video games or broadcast on Twitch, I wanted to see if there was a way to fake the number of live viewers on a stream in order to be featured on the front page.
Continue Reading…

August 27, 2013

A Summer with Sharewave in New York

Note to readers: I used the present tense to describe facts and past tense to describe my personal experiences. Sorry for any confusion.

I had the pleasure of working with Sharewave this summer. Sharewave is a platform for private companies to manage their shareholders and investor relations. The Sharewave office is located in the middle of Manhattan, on Madison and 39th – just a few blocks south of Grand Central. This prime location was one of the biggest reasons I chose Sharewave for an internship. As it turns out, however, I got a lot more than I expected.
Continue Reading…

July 21, 2013

Howto: Automatic cPanel Backups

Intro: As many web devs know, the web hosting panel, cPanel, has quite a powerful “full backup” feature. The only problem is that if you want a full backup, you have to log into cPanel, navigate to the backup page, click the backup button, wait for the backup to finish, and then download it. If you’re like me, and would like to make sure I have frequent backups of everything, making backups can get annoying.

The following is a short 5 minute tutorial to set up your cPanel to automatically create backups and store them (for free) in another remote location via FTP using a PHP script and cPanel’s cron jobs.

Requirements:
1. Your cPanel login information
2. (Optional) A remote FTP location to store backups
Continue Reading…

June 30, 2013

My Bitcoin Experience

Back in early 2012, I was introduced to Bitcoins. Wanting to try them out, I decided to put $50 into Mt. Gox in hopes of exchanging it for some bitcoins. At the time, bitcoins were at an all time high…of $5. Thinking that it was too much, I decided to wait for them to go back under $5 before I bought any.

Fast forward to 2013. I see a Reddit post about bitcoins reaching an all time high of $260 each. I looked at the charts and kicked myself for not buying bitcoins when they were only $5 each.

So for the past few months, everytime bitcoins came into the conversation, I would tell my misfortune of not buying bitcoins when they were just $5 each.
Continue Reading…

May 9, 2013

Fake Link Clickjacking

Chances are that you’ve already been a victim of this.

If you’ve used Google search with your Javascript enabled, you might’ve noticed that when you hover over a result, the link that shows up in your browser is to the respective website. But when you actually click on it, you are sent to a Google URL that redirects to the original site. Google does this for analytic reasons, so it’s fairly harmless to users.

This type of clickjacking, like almost all other forms of clickjacking, uses Javascript. The version I wrote, however, is a little better than what Google uses. But first, let me start with a live demo:

You may think this link leads you to Google. But try clicking it.

You might think, pretty harmless right? But what about something like this:

You can probably now see how this could be used.

The method is fairly simple – you just change the href on the anchor right before the mouse click is released by using onmousedown. If you click and hold the link, you’ll see that the URL changes to Bing.

What makes my code different than Google’s? Well, if you click and hold a link on the Google search results and end up dragging away (basically not fully completing the click), the URL is permanently changed to the Google one. The code I have restores the original URL every time the mouse moves over the link. It’s not a big change, but it could make a difference.

Without much further ado, here’s the code.