The story of me and the strange "tea-selling girl"

Disclaimer: This is an original article by the blogger and may not be reproduced without the blogger's permission! https://blog.csdn.net/qq_39326816/article/details/90737269

Social engineering is a very interesting subject, and it is also one of the techniques that penetration testing needs to apply!!

On Saturday morning I received a QQ friend request. I saw that the person had found me through an exact search of my QQ number, so I assumed it was a friend and accepted. Later I discovered there was another story behind the add, so this user absolutely had to be looked into.

Suspicious points

1 Found me by searching my QQ number, but is not one of my friends
2 QQ level of one small star: likely an alt account
3 Possibly a scam QQ account (this is my reason for digging deeper)

The ultimate goal

In the end I need to obtain the other party's information:

1 Name and gender
2 Address
3 Main purpose

The show begins

Young people like to use QQ and other social tools, so I searched social networking sites, Tieba and similar places for useful information and found nothing; the cause may be that it is a new account. She also pulled me into a discussion group, which is typical of scam accomplices, and simple social engineering there turned up no messages either. Some more professional information-gathering techniques turned up nothing as well. Hard to accept, but it seems the only option left is an awkward chat!!
Since it's QQ, let's start from QQ itself.

The QQ level is one small star, so it is probably an alt account; the screen name and age data are highly consistent with the profile of a young girl.
Her stated purpose in adding me was to find a friend with the screen name Jasmine, aged 15 to 20. Like hell I believe that.
Then I started my routine.


With her name basically settled, she started asking for my name; to lower her guard I used my classmate's name. She seemed to believe it, and then told me her real name!

She said she was looking for her classmate and had found me by a criteria search. But the request showed she had found me through my QQ number, and she did not explain this point. It happened to be June 1st, so I casually asked whether her school had organized anything for Children's Day. Part of the routine is to think about age: 19 seems more credible.

I just casually mentioned an age, one year older than mine, and she said 19!

Only the location was missing. She said she was in Henan Province but would not say where specifically; she seemed wary. But we can make use of technical means.

I used an XSS platform to write a small web page and sent it to her directly, claiming that this site could help her find her friend but that it needed her consent to access her location. It is actually just a JS script that obtains the latitude and longitude. I will come back another time and write up how this combines with XSS attacks.

Just put the attack code into the page and that's it.


Soon I received the returned information, including the latitude and longitude, the visitor's browser, IP address and phone model!!
I looked up the latitude and longitude on an online map site; to protect personal privacy I have masked the map!!! Be a good kid. To avoid the chat coming back around to her telling me to buy tea, I did not go any deeper and deleted the friend!!!

If you have questions, feel free to leave a comment or add my contact details for technical discussion and exchange!

The article content is for learning and exchange only and must not be used for illegal behavior; you bear the consequences yourself!!

Origin blog.csdn.net/qq_39326816/article/details/90737269