$50 bounty on stupid twitter problem

[airforcematt]

All,
Supergeek has been working on a script for me and a partner of mine to automate twitter registrations using PHP\CURL - he's run into a POST problem after grabbing the captcha that has thrown him and a few others we've talked to for a loop. I'm loath to let this die because it's the "final piece to the puzzle" for a pretty sweet script for twitter I've had him working on for a while. If you can give him tips\hints\help leading to successful twitter registration I'll pay you $50 paypal.

I'm writing a PHP script to create Twitter accounts, but I'm running into a problem.

I can grab the CAPTCHA, feed it the response, and build the postvars. I've used Tamper in Firefox to get all the header information. I've tried a ton of variations on the Header fields, etc etc, but I keep getting 502 errors, "Twitter is over capacity" even though other queries I'm doing with the API and from my browser work fine.

Has anyone successfully built a PHP/CURL Twitter account creator? I'm so frustrated by this I want to abandon the project.

Help!

PM him if you think you can assist.

 

[xmcp123]

Out of curiosity: Is he using the same IP that he used when he was developing the software?
I've seen a few places that flag IPs with failed requests(common when people are writing curl scripts), and feed them junk.

 

[airforcematt]

Out of curiosity: Is he using the same IP that he used when he was developing the software?
I've seen a few places that flag IPs with failed requests(common when people are writing curl scripts), and feed them junk.

I believe he is using the same IP but we have also tried it with proxies with the same result.

 

[xmcp123]

I believe he is using the same IP but we have also tried it with proxies with the same result.

I'd get a new IP. Completely clean.
Twitter's been spammed enough there's a good shot most proxies are flagged.

 

[airforcematt]

I'd get a new IP. Completely clean.
Twitter's been spammed enough there's a good shot most proxies are flagged.

Will do - thanks for the feedback.

 

[xRAVExHEAVENx]

Try to utilize an aircard from Verizon, Sprint, Alltel, Cricket or whoever. It runs like a dialup connection and changes IP upon each connection.

 

[airforcematt]

Try to utilize an aircard from Verizon, Sprint, Alltel, Cricket or whoever. It runs like a dialup connection and changes IP upon each connection.

Trying it now on another server - aircard works well for PC based programs but this is a serverside script.

 

[xRAVExHEAVENx]

Most server host will sell you mutiliple IPs to configure. I would contact them and buy a few more IPs from them. However, if you need a large range it could get pretty expensive.

Edit: I would LOVE to get a copy of this bot

 

[airforcematt]

Alright - tried it from a "virgin" IP - no luck.

 

[Supergeek]

Here's my postfields array:

Array
(
    [0] => authenticity_token
    [1] => a88335b5ebe4665a0d87096167249000defbc8f0
    [2] => follow
    [3] => 
    [4] => user%5Bname%5D
    [5] => (a random name)
    [6] => user%5Bscreen_name%5D
    [7] => (a random screen name)
    [8] => user%5Bpassword%5D
    [9] => guOdYf4
    [10] => user%5Bemail%5D
    [11] => (a random screen name)%40gmail.com
    [12] => user%5Bsend_email_newsletter%5D
    [13] => 0
    [14] => recaptcha_challenge_field
    [15] => 024AAt_o0bFU6Qv_FpD_HAT9J2y0l730BxtNJMPB88O8faA_CyA6NU8mXC8yroBbMx0yhUiJ-ijuh2GC4niYM1p9UEvDRkxeen5WrlHQ5k0Z8GRhpnbJNajU9ZdCqTqPGttUcV2VB1yyk9ymE-IlHZiZj34f-zGKfbpDj-DeNNVTXqrIEhIYlMoXhwR3xQNSQb_s1OxLJ7NAtPxE9FM_TV_a9GKT4CZuCL1ljhGpUVsPImQ1VwzEyiym6Ld2gSkk8ZOcGMKPEt8hGkRy2ot_zccBEIK6wB
    [16] => recaptcha_response_field
    [17] => Times+Estimate
)

Here's the code I'm using for the POST:

$header[] = "User-Agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3
.0.7 (.NET CLR 3.5.30729)";
$header[] = "Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
$header[] = "Accept-Language=en-us,en;q=0.5";
$header[] = "Accept-Encoding=gzip,deflate";
$header[] = "Accept-Charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Keep-Alive=300";
$header[] = "Connection=keep-alive";
//$header[] = "Referer=https://twitter.com/signup?commit=Join%21";
$header[] = "Referer=https://twitter.com/signup";
//$header[] = "Cache-Control: max-age=0";
$header[] = "Expect:";
$header[] = "Content-Type: application/x-www-form-urlencoded";
//$header[] = "Pragma: "; // browsers keep this blank.


$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1); // display headers in output
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_INTERFACE, $interface);
//curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:') );
//curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $refer);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
//curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
//curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_USERAGENT, $config['curl_useragent']);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
//curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
//curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
//curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

if ($config['enable_proxy'] == 1) {
    curl_setopt($ch, CURLOPT_PROXY, $MyProxy);
    curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
}

I've tried many, many different combinations of CURL options (hence all the commented lines scattered throughout). I've got a handful of IPs on my dedi and I've tried from several of them now. I've tried through dozens of proxies. Each time I either get a 502/Twitter is full or a redirect to the signup page, or a 403 forbidden. The 502 is the most common; 403 is when I change something drastic and it really breaks, I think.

I'm an idiot; I can't figure this out. Help a brother out.

 

[machinecontrol]

Are you posting the password correctly?
The name of the field on Twitter is user[user_password] , yours is user%5Bpassword%5D , I think it needs an extra "user"

 

[Zsaleem]

I know a guy who has made this app.. his name his john.. for his id PM me..

 

[Rage9]

PMed you SuperGeek

 

[Supergeek]

Are you posting the password correctly?
The name of the field on Twitter is user[user_password] , yours is user%5Bpassword%5D , I think it needs an extra "user"

Wow, nice spot. Fixing that didn't help, though, unfortunately. I can't believe I missed that

 

[chatmasta]

I haven't looked at Twitters postvars, and I haven't programmed with PHP in a while, but why are you setting your headers manually? I've never done that, it's prone to too many mistakes. Use built in cURL functions to set the referrer, etc... I'm sure that's where your problem is.

 

[Supergeek]

I haven't looked at Twitters postvars, and I haven't programmed with PHP in a while, but why are you setting your headers manually? I've never done that, it's prone to too many mistakes. Use built in cURL functions to set the referrer, etc... I'm sure that's where your problem is.

There's a lot of extra b.s. in there that I added in an attempt to troubleshoot the problem.

Rage9 helped us out and it's all good now. I was missing one of the cipher keys, apparently.

So, bounty claimed! Thanks for your responses, everyone.

 

[neonProto]

Supergeek: so you made it work finaly?
Because I am now dealing with the same Twitter problem.. I am just simply trying to login with Curl and I am getting the 403 forbidden error and I have tried many changes to my variables.
Did you get it working? Can you login with a script and how do you get the authentization_code, plase?