Web2.0 Hacking

1. Information Farming

1.1. Data Aggregation

1.1.1. Collecting Information

1.1.1.1. Reason

1.1.1.1.1. knowlege

1.1.1.1.2. semantics

1.1.1.2. Tools

1.1.1.2.1. Server Side

1.1.1.2.2. Client Side

1.1.2. Analyzing Information

1.1.2.1. Reason

1.1.2.1.1. to know better

1.1.2.1.2. to plan better

1.1.2.1.3. to measure success

1.1.2.2. Tools

1.1.2.2.1. Feeds

1.1.2.2.2. Trafic

1.1.2.2.3. Custom

1.2. Data Distribution

1.2.1. Reaching Individuals

1.2.1.1. Reason

1.2.1.1.1. Inflience

1.2.1.1.2. Direction

1.2.1.1.3. 0wnage

1.2.1.2. Tools

1.2.1.2.1. Comments to personal blogs

1.2.1.2.2. Pingbacks to personal blogs

1.2.1.2.3. Trackbacks to personal blogs

1.2.1.2.4. Bookmarks part of the same interest group

1.2.1.2.5. Social Networks

1.2.2. Reaching the Masses

1.2.2.1. Reason

1.2.2.1.1. mass Influence

1.2.2.1.2. mass 0wnage

1.2.2.1.3. mass Direction

1.2.2.2. Tools

1.2.2.2.1. Splogs

1.2.2.2.2. Search Engines

1.2.2.2.3. Aggregators

2. API Mastering

2.1. Reason

2.1.1. to accommodate Web Agents

2.1.2. to accommodate Sophisticated Worms

2.1.2.1. for propagation

2.1.2.2. for backend support

2.1.2.3. for AI

2.1.3. to accommodate Sophisticated Attack Interfaces

2.1.4. to accommodate Sophisticated Attack Infrastructures

2.2. Finding APIs

2.2.1. Mashable

2.2.2. TechCrunch

2.2.3. Programmable Web

2.2.4. Google

2.3. Using APIs

2.3.1. Yahoo Site Explorer Page Data

2.3.1.1. craw

2.3.1.1.1. get the site complete structure

2.3.2. Yahoo Site Explorer Ping

2.3.2.1. ping for a change

2.3.2.1.1. just ping

2.3.2.1.2. add xss payload

2.3.2.2. ping XSSed websites

2.3.2.2.1. to find the targets

2.3.3. Yahoo Search

2.3.3.1. find more stuff

2.3.4. Google Search

2.3.4.1. find stuff

2.3.5. Mailinator

2.3.5.1. SMTP to RSS

2.3.6. Dodgit

2.3.6.1. SMTP to RSS

2.3.7. Mailbucket

2.3.7.1. SMTP to RSS

2.3.8. Zoho Creator

2.3.8.1. online database

2.3.9. Yahoo Pipes

2.3.9.1. XML Proxy

2.3.9.2. Feed Proxy

2.3.9.3. CSV Proxy

2.3.9.4. Web Services

2.3.9.5. Infrastructure Utilities

2.3.10. Ponyfish

2.3.10.1. scrape all links

2.3.11. Dapper

2.3.11.1. scrape any site

2.3.12. Yahoo ZoneTag

2.3.12.1. Find location from CELL ID

2.3.13. dabbledb

2.3.13.1. online database

2.3.14. Hostip

2.3.14.1. GEO IP

2.3.15. SEO Textbrowser

2.3.15.1. proxy

2.3.15.2. SEO analysis

2.3.15.2.1. keywords

2.3.15.2.2. tags

2.3.15.2.3. statistics

2.3.15.2.4. inbound links

2.3.15.2.5. outbound links

2.3.15.2.6. domains

3. Attack Infrastructure Architecture

3.1. Reason

3.1.1. to hide

3.1.1.1. by intermixing technologies

3.1.1.2. by creating covert channels

3.1.2. to reach

3.1.2.1. individuals

3.1.2.2. organizations

3.1.3. to enable

3.1.3.1. viral propagation

3.1.3.1.1. via feeds

3.1.3.1.2. via blogs

3.1.3.1.3. via user generated content

3.1.3.2. targeted attacks

3.2. Tools

3.2.1. Free Hosting

3.2.1.1. Google Pages

3.2.1.1.1. host files

3.2.1.2. Google Mashup Editor

3.2.1.2.1. host files

3.2.1.2.2. host programmable logic

3.2.1.3. Google Code

3.2.1.3.1. host files

3.2.1.4. Feeds

3.2.1.4.1. RSS to HTML

3.2.1.5. Blogs

3.2.1.5.1. host files

3.2.1.5.2. host blog entries

3.2.1.5.3. communicate with the blogsphere

3.2.1.6. Freewebs

3.2.1.6.1. host files

3.2.1.7. JavaScript vendor sites

3.2.1.7.1. jQuery

3.2.1.7.2. AttackAPI

3.2.2. Mashup Editors

3.2.2.1. Google Mashup Editor

3.2.2.1.1. control datasources

3.2.2.1.2. provided intuitive GUI

3.2.2.2. Yahoo Pipes

3.2.2.2.1. link components

3.2.2.2.2. run server side tasks

3.2.2.3. Popfly

3.2.2.3.1. irrelevant and this stage

3.2.3. Services

3.2.3.1. HTML to RSS

3.2.3.1.1. scraping

3.2.3.2. Screen Scraping

3.2.3.3. SMTP to RSS

3.2.3.3.1. bridging

3.2.3.4. RSS to SMTP

3.2.3.5. Schedulers

3.2.3.5.1. Google Calendar

3.2.3.5.2. l8r

3.2.3.6. Alerts

3.2.3.6.1. Google Alerts