
Harvesting Cell Phone Numbers with Myspace.com

If you use myspace.com you know how fast new features pop up on profiles. Recently all my friends (all 6) on myspace started to add this “cool” new feature to their profiles. The feature, which is provided by txt2day.com, allows users to send text messages to the cell phone of the person whose page you are on. It’s pretty cool and saves you some cash if you do not have an unlimited text plan. Unfortunately it’s trivial to obtain the cell phone number of that person!

So here is how txt2day works. You go to txt2day.com and get some HTML code to add to your profile. Here is a snippet:


<form action="http://www.txt2day.com/send.php" method="POST" target="_blank">
<input type="hidden" name="refer" value="myspace">
<input type="hidden" name="to" value="NTU1NTU1NTU1NQ==">
<input type="hidden" name="provider" value="sprint">
<textarea style="color: #000000; background: #ffffff;" name=message rows=3 cols=20>txt msg me to my mobile</textarea>
<br><a href=http://www.txt2day.com>Txt2Day.com</a> <input style="color: #000000; background: #ffffff;" type=submit value="Text my mobile"></form>


As you can see, this is just a simple form with some hidden fields. Since we don’t really care about how txt2day works, we’ll skip that discussion. What we really want is our friends’ cell phone numbers!

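This is the simple part: the hidden form field “to” is a Base64-encoded representation of the cell phone number you want. Base64 is a reversible encoding, not encryption, so anyone who can view the page source can decode it.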

Example: <input type="hidden" name="to" value="NTU1NTU1NTU1NQ==">
Base64-encoded phone number: NTU1NTU1NTU1NQ==

Now all we need is a Base64 decoder. If you need a web-based one go here:


Enter the Base64-encoded phone number into BASE64 to decode and boom, you now have your friend’s phone number! In our example above it’s 5555555555.

If you have a private profile and restrict who can be your friend, this probably isn’t a big deal, since they all probably have your number. If, however, there are people on your myspace page that you do not want to have it, you might want to remove this “feature”.
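A check a profile owner can run on embed code before pasting it into a profile, as an added example that is not part of the original post or txt2day's code: it parses an HTML snippet and reports hidden fields whose value is nothing more than Base64 over a phone number. The names `audit_snippet`, `HiddenFieldAudit` and `PHONE_RE`, and the digits-only phone pattern, are assumptions made for this example.

```python
import base64
import re
from html.parser import HTMLParser

# Assumption: a phone number is 7 to 15 digits with an optional leading "+".
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


def decode_if_base64(value):
    """Return the decoded ASCII text if value is strict Base64, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text or None


class HiddenFieldAudit(HTMLParser):
    """Collect hidden <input> fields that expose a Base64-encoded number."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "input" or (a.get("type") or "").lower() != "hidden":
            return
        decoded = decode_if_base64(a.get("value") or "")
        if decoded and PHONE_RE.match(decoded):
            self.findings.append((a.get("name"), decoded))


def audit_snippet(html):
    """Return (field name, decoded number) for every exposed hidden field."""
    parser = HiddenFieldAudit()
    parser.feed(html)
    return parser.findings


# Constructed sample: the hidden fields from the form shown in this post.
SAMPLE = """<form action="http://www.txt2day.com/send.php" method="POST">
<input type="hidden" name="refer" value="myspace">
<input type="hidden" name="to" value="NTU1NTU1NTU1NQ==">
<input type="hidden" name="provider" value="sprint">
</form>"""

if __name__ == "__main__":
    for name, number in audit_snippet(SAMPLE):
        print(f"hidden field {name!r} exposes a phone number: {number}")
```

Any finding means the number is readable by everyone who can view the page, regardless of the field being hidden.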

For those of you that are looking to collect a large list of new phone numbers for harvesting, it’s pretty easy to write a spider script across all your friends, their friends, and recurse across myspace. I’m not sure how myspace will feel about this but it’s definitely easy and doable.
