article : https://holy-mine-f20.notion.site/SMS-ROTATION-XSS-IS-cc9b09351cd0461b82c609a676a3b237
Sending 1K SMS with blackhat stuff but all APIs we use get suspended before doing even half of the list, which is reasonable but yet we need a solution!
we realized that the problem is the size we trying to send!
we are using transactional SMS routes which are more efficient and have higher delivery rates, but this route is not meant to be for mass sending! it's clear as the name says it's for transactional messages
So what if we just split the list into many parts and use a different key for each part? Same like SMTPS rotation, as an example :
We have 1000 numbers we split into 10 parts each part 100 numbers ! then we use 10 keys to send the list!
Let's do it then!
as an example, we will use an API called Messagebird ( require extra verification for USA sending )
starting with a basic send script that looks like this :
you can find the snippet in docs
import messagebird
ACCESS_KEY = [YourKeyHere]
client = messagebird.Client(ACCESS_KEY)
message = client.message_create(
'MessageBird',
'31XXXXXXXXX',
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
Where messagebird is a python package that needs to be installed so go on
pip3 install messagebird
and that's should be enough to send a single SMS from a single key!
but now the problem is they don't have a way to send mass because it's a transactional SMS and not meant for marketing or any type of mass sending,! so let's solve this!
import messagebird
ACCESS_KEY = [YourKeyHere]
mylist = open("list.txt", "r")
for line in mylist:
client = messagebird.Client(ACCESS_KEY)
message = client.message_create(
'SENDERID',
line,
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
so now we have a script that can send a list instead of a hardcoded number! but still sending with a single API key !
so let's implement the key rotation ! we will use cycle from itertools
import messagebird
from itertools import cycle
ACCESS_KEY_LIST = ["key1","key2","key3"]
keys = cycle(ACCESS_KEY_LIST)
mylist = open("list.txt", "r")
for line in mylist:
client = messagebird.Client(next(keys))
message = client.message_create(
'SENDERID',
line,
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
Now we have a script that uses a key list instead of a single key!
Well done dawg we solve it!
Thanks for reading and I hope this may help someone here!
Feedback is gladly appreciated
Problem:
Sending 1K SMS with blackhat stuff but all APIs we use get suspended before doing even half of the list, which is reasonable but yet we need a solution!
Solution:
we realized that the problem is the size we trying to send!
we are using transactional SMS routes which are more efficient and have higher delivery rates, but this route is not meant to be for mass sending! it's clear as the name says it's for transactional messages
So what if we just split the list into many parts and use a different key for each part? Same like SMTPS rotation, as an example :
We have 1000 numbers we split into 10 parts each part 100 numbers ! then we use 10 keys to send the list!
Let's do it then!
as an example, we will use an API called Messagebird ( require extra verification for USA sending )
starting with a basic send script that looks like this :
you can find the snippet in docs
import messagebird
ACCESS_KEY = [YourKeyHere]
client = messagebird.Client(ACCESS_KEY)
message = client.message_create(
'MessageBird',
'31XXXXXXXXX',
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
Where messagebird is a python package that needs to be installed so go on
pip3 install messagebird
and that's should be enough to send a single SMS from a single key!
but now the problem is they don't have a way to send mass because it's a transactional SMS and not meant for marketing or any type of mass sending,! so let's solve this!
import messagebird
ACCESS_KEY = [YourKeyHere]
mylist = open("list.txt", "r")
for line in mylist:
client = messagebird.Client(ACCESS_KEY)
message = client.message_create(
'SENDERID',
line,
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
so now we have a script that can send a list instead of a hardcoded number! but still sending with a single API key !
so let's implement the key rotation ! we will use cycle from itertools
import messagebird
from itertools import cycle
ACCESS_KEY_LIST = ["key1","key2","key3"]
keys = cycle(ACCESS_KEY_LIST)
mylist = open("list.txt", "r")
for line in mylist:
client = messagebird.Client(next(keys))
message = client.message_create(
'SENDERID',
line,
'Hi! This is your first message',
{ 'reference' : 'Foobar' }
)
Now we have a script that uses a key list instead of a single key!
Well done dawg we solve it!
Thanks for reading and I hope this may help someone here!
Feedback is gladly appreciated