Silk Road forums
Discussion => Off topic => Topic started by: kmfkewm on September 15, 2012, 08:08 am
-
So far it only logs into SR, downloads the first ten pages of your private messages and prints the plaintexts one at a time after piping them to GPG. I can make it so that it shows who the message is from and lets you reply, I can even make it so that it goes to a certain thread on SR forum and downloads public keys from everyone who posts in that thread and automatically manages encrypting outgoing messages sent through it (in addition to automatically decrypting incoming messages). I can also have it automatically generate keys for users and upload their public keys to the post your key thread that it checks for new keys. I can make a neat little GUI for it with TK as well, and can also make it so that it prints non encrypted messages as well (right now it only cares about GPG ciphertexts). I could also make something like this for the silk road market , however I don't have a vendor account to look at how the HTML there works. This is only a quick little mock up to show that I am capable of such things, if people want a full fledged silk road PM system that manages encryption etc they will have to A. Let me know here and B. See how much bitcoin they can give me to make it worth my time. C. Possibly let me see the html vendors can see so that I can interface it to that as well
require 'socksify/http'
require 'socksify'
class PMHelper
def connect
URI.parse('http://dkn255hz262ypmii.onion')
end
def get_private_messages
puts "enter username"
username = gets.chomp!
#password echos to the screen currently, I can fix that if I spend a bit of time on it
puts "enter password"
password = gets.chomp!
puts "connecting to silk road....."
sr_connection = connect
Net::HTTP.SOCKSProxy('127.0.0.1', 9050).start(sr_connection.host, sr_connection.port) do |http|
puts "logging on....."
login = http.post2("/index.php?action=login2", "user=#{username}&passwrd=#{password}")
session_key = login['location'].match(/PHPSESSID=.*;action/).to_s.gsub!(";action", "").to_s + "&"
puts "getting private messages....\n\n"
#start at PM page 0
start = 0
#we will put all gpg ciphertexts into this array
encrypted_messages_html = []
#go through PM pages obtaining ciphertexts
loop do
pm_main_page = http.get("/index.php?#{session_key}action=pm;start=#{start}").body
#add each found ciphertext to the encrypted_messages_html array
pm_main_page.scan(/-----BEGIN PGP MESSAGE-----.*-----END PGP MESSAGE-----/).each do |message_html|
encrypted_messages_html << message_html
end
#private messages are displayed 15 at a time
start += 15
#break after reading the first 10 pages of PMs (this can be made much nicer and more precise if I spend more time)
break if start == 165
end
#html tags are not fun for GPG, let's make an array to put GPG readable ciphertexts into
encrypted_messages_regular = []
#let's strip HTML tags from each message, make sure they are formatted properly, and then add them to our array
encrypted_messages_html.each do |message|
message.gsub!("<br />", "")
message.gsub!("-----BEGIN PGP MESSAGE-----", "-----BEGIN PGP MESSAGE-----\n")
message.gsub!("-----END PGP MESSAGE-----", "\n-----END PGP MESSAGE-----")
encrypted_messages_regular << message
end
#lets pipe each of the ciphertexts to GPG and put the output, then block until the user hits enter
encrypted_messages_regular.each do |message|
decrypted_message = `echo "#{message}" | gpg -d`
puts decrypted_message
puts "press enter to see next message"
gets
end
end
end
end
s = PMHelper.new
s.get_private_messages
edit: fixed spelling mistakes
-
Pretty cool.
-
Of course if I do make something bigger than this it will be open source and free for everyone to use. I could easily have it check for orders, automatically decrypt them and even print out envelopes / labels as well ;). The main thing is that right now I am working on big projects and it isn't worth it for me to spend much effort on doing things like this for free.
-
Also I am nearly done with a ruby program that manages ECDH based message encryption and ECDSA authentication, message encryption is done with AES-CTR-256. It doesn't parse HTML for any of its functionality either, which is a big plus. I can post the source code here and if anyone is interested maybe SR can run a copy of the server script after it and the client are audited. I can have it so that it automatically encrypts outgoing messages, decrypts/authenticates incoming messages and manages key exchange and generation. I can quickly add MITM detection capabilities as well. I also already have a GUI 95% done. Pretty much it is simply a window that contains a 'title' and 'message' input box, and a list box of nyms. I will modify it so that it fetches a list of all registered nyms and their ECC keys from the central server and stores them client side. You simply select a number of nyms from the nym listbox, type your message and title and hit send, and the encryption etc is done automatically and hidden away from the user. It also has a button you can press that checks for new messages to you, lists them by their title and automatically decrypts/verifies them when you select one. It is fully cross platform and uses OpenSSL for crypto operations. If this is worth anything let me know, I can also make modifications to add functionality or whatever is requested.
-
I don't see anything in there that looks like it addresses the captcha box. Have you solved that and not included it or am I overlooking something?
-
I don't see anything in there that looks like it addresses the captcha box. Have you solved that and not included it or am I overlooking something?
This is for the PM system on the forum, however it is easy enough to work with a captcha by just having it display on a GUI and posting the response to the server.
-
I don't see anything in there that looks like it addresses the captcha box. Have you solved that and not included it or am I overlooking something?
This is for the PM system on the forum, however it is easy enough to work with a captcha by just having it display on a GUI and posting the response to the server.
Ah, so I was overlooking something. Specifically this bit:
def connect
URI.parse('http://dkn255hz262ypmii.onion')
end
Heh.
For forum PMs I generally just decrypt as I need to (i.e. when I'm responding) or use that shell script I posted in the other thread. It won't work on Linux, though, because the version of split on Linux systems doesn't have the pattern matching flag (-p). It will work on BSD and OS X.
-
I would have made it for the marketplace but I don't know what the html looks like. I could modify it to work there in an hour tops, although it will need to have a GUI for sure to deal with the captcha.
-
I would have made it for the marketplace but I don't know what the html looks like. I could modify it to work there in an hour tops, although it will need to have a GUI for sure to deal with the captcha.
It's a HTML table, just like the order system. That's why I opted for getting the user (vendor in the case of the code we've discussed elsewhere) to select the contents and paste it into a spreadsheet. It makes the data very easy to manage and allows easy creation of new files for each order or message with filenames based on the username.
Converting my other code to handle SR messages was dead simple, took about 10-15 minutes. I might look at it again after I've slept and move it all into one file. It still relies on copying the entire page into a spreadsheet and converting to CSV, though.