Last week I received a typical run of the mill phishing email littered with the usual bad Engrish making the instructions far from believable but being bored I decided to take a look at the link they were pushing.
They had created a believable enough looking Paypal form asking clueless punters to enter their credit card details in order to avoid having their account being suspended. After playing around with the form for awhile in Firebug I decided to create a quick script to poison their data by submitting a new fake 16 digit VISA number along with random card holder name, CVV number and expiry date every couple of seconds.
After running this script for half an hour I decided that the script while it did the job would be a lot better if the posted data was coming from an anonymous IP address. Here I will run you through the process of setting up TOR & Polipo on a machine to add an element of anonymity to the data being sent and received by your CURL based script using.
Read the rest of this entry »