How to send a link message using javascript in KAKAO talk.

To send a link message using javascript in KAKAO talk, the API source provided by Kakao Developers is requred.

자바스크립트를 이용하여 카톡 링크 메시지를 전송하려면 카카오 개발자(Kakao Developers) 페이지에서 제공하는 API 관련 소스가 필요합니다.

Follow the steps below.

다음의 순서를 따라하면 됩니다.

1. Create an application on the Kakao Developers site.

1. Kakao Developers 사이트에서 애플리케이션 생성.

2. Obtain the Javascript API key from "App Key" and reflect it in the source code below.

2. "앱 키"에서 Javascript API 키를 획득 후 아래 소스코드에 반영.

3. In "Platform" → "Web", add the domain to add the source code below and the domain to connect to.

3. "플랫폼" → "Web"에서 아래의 소스코드를 추가할 도메인과 연결할 도메인 추가.

*e.g. http://localhost:8081

4. Create a message template in "Kakao Link".

4. "카카오링크"에서 메시지 템플릿 작성.

5. Execute the source code below.

5. 아래 소스코드를 실행.

* python3 -m http.server 8081 → http://localhost:8081

< index.html >

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>카톡 공유</title>
<script type="text/JavaScript" src="https://developers.kakao.com/sdk/js/kakao.min.js"></script>
</head>
<body>
    <input type="button" onClick="sendLinkCustom();" value="Custom"/>
    <input type="button" onClick="sendLinkDefault();" value="Default"/>

<script type="text/javascript">
    function sendLinkCustom() {
        Kakao.init("[Javascript API key]");
        Kakao.Link.sendCustom({
            templateId: [templete id]
        });
    }
</script>

<script>
try {
  function sendLinkDefault() {
    Kakao.init('[Javascript API key]')
    Kakao.Link.sendDefault({
      objectType: 'feed',
      content: {
        title: '딸기 치즈 케익',
        description: '#케익 #딸기 #삼평동 #카페 #분위기 #소개팅',
        imageUrl:
          'http://k.kakaocdn.net/dn/Q2iNx/btqgeRgV54P/VLdBs9cvyn8BJXB3o7N8UK/kakaolink40_original.png',
        link: {
          mobileWebUrl: 'https://developers.kakao.com',
          webUrl: 'https://developers.kakao.com',
        },
      },
      social: {
        likeCount: 286,
        commentCount: 45,
        sharedCount: 845,
      },
      buttons: [
        {
          title: '웹으로 보기',
          link: {
            mobileWebUrl: 'https://developers.kakao.com',
            webUrl: 'https://developers.kakao.com',
          },
        },
        {
          title: '앱으로 보기',
          link: {
            mobileWebUrl: 'https://developers.kakao.com',
            webUrl: 'https://developers.kakao.com',
          },
        },
      ],
    })
  }
; window.kakaoDemoCallback && window.kakaoDemoCallback() }
catch(e) { window.kakaoDemoException && window.kakaoDemoException(e) }
</script>
   
</body>
</html>

DoS attack simulation(LOIC)

Warning. This is a non-real simulation. This was done for education. If you do harm to other people by using this contents, you can be punished by law.

주의. 이것은 실제와 다른 시뮬레이션입니다. 교육을 위해 진행되었습니다. 만약 당신이 이 자료를 이용해 다른 사람에게 해를 끼친다면, 법에 의해 처벌받을 수 있습니다.

Procedure  절차

01. Acquire the IP address and port number of the attacking target.
공격할 대상의 IP 주소와 포트 번호를 확보한다.

02. Enter the information in the green part of the LOIC below and press the button on the upper right.
아래의 LOIC의 녹색 부분에 해당 정보를 넣고 우측 상단의 시작 버튼을 누른다.

Image filtering simulation(ettercap)

Warning. This is a non-real simulation. If you do harm to other people by exploiting the following, you will be punished by law.


Refer this page before filtering. The MITM is required before simulation.

❑ Overview

1. Open Ettercap and make the MITM environment.

2. Make a filtering file and load it.

first, configure the MITM environment. Then, it can be check by "chk_poison" plugin.

make a filter file and compile it with "etterfilter" like above. Changing the image path of the "replace()" function changes the images on the web page to the planned image. And see more filter examples here.

Now select "Filters → Load a filter" in Ettercap to load the compiled file.

Because the security settings and image loading are different, not all images change, but you can see that filtering is applied. Remember that this is not an attack on the server, but on the victim's computer.

Sniffing simulation(ettercap)

Warning. This is a non-real simulation. If you do harm to other people by exploiting the following, you will be punished by law.


Refer the network structure to use here. That page contains the another way to simulate sniffing.

❑ Overview

1. Open ettercap with GUI mode.

2. Select "Sniff → Unified Sniffing".

3. Select "Hosts → Scan for hosts".

4. Select "Hosts → Hosts list".

5. Put the system for attack to target 1 and the gateway to target 2.

6. Select "Mitm → Arp poisoning → Sniff remote connections".

7. Select "Start → Start sniffing".

❑ Detail procedure

First, select "Sniff → Unified Sniffing" to select ethernet interface for sniffing.

Select "Hosts → Scan for hosts" to find hosts.

Select "Hosts → Hosts list". It makes that you can see hosts list within your network.

Put the system for attack to target 1 and the gateway to target 2. If you want to see selected targets, select "Targets → Current targets".

Select "Mitm → Arp poisoning → Sniff remote connections". This makes starting ARP spoofing attack. if you want to stop it, select "Mitm → Stop mitm attack(s)". The "Sniff remote connections" contains forwarding.

Select "Start → Start sniffing" This makes starting sniffing the target 1. If you want to stop it, select "Start → Stop sniffing".

I tested sniffing with ping and the wireshark. I checked that the all traffic can be seen in attacker's system because victim uses attacker's system as a gateway.

DNS spoofing simulation(dnsspoof)

Warning. This is a non-real simulation. If you do harm to other people by exploiting the following, you will be punished by law.

For this DNS spoofing test, the sniffing should be preceded. Refer the sniffing procedure here.

❑ Overview

1. Set sniffing environment.

2. Create the hosts file.

3. # dnsspoof -f [Host file path]

4. Connect to the websites. 

❑ Detail procedure

It's simple. I used hosts file. It has the characteristic that are referenced in preference to DNS query results.

The victim system then accesses the sites reflected in the hosts file.

In my case, www.rlacjftn123.com worked but the zum and binance didn't work. The above image is the result of setting to connect to msn.com when inputting to www.rlacjftn123.com.

And this is result of DNS spoofing with Ettercap. I tried to connect to microsoft.com but failed.

Approximately since the second quarter of 2017, spoofing on most sites has been become difficult because the many web browsers are more secure than before including IE.

Sniffing simulation(fragrouter)

Warning. This is a non-real simulation. If you do harm to other people by exploiting the following, you will be punished by law.

This sniffing simulation has been implemented by ARP spoofing(Link).

In the end, the attacker can take target's traffic.

❑ Overview

1. arpspoof -t [Target IP address] [Ip address to forge]

2. fragrouter -B1

3. Capture and analyze the traffic

❑ Detail procedure

First, The attacker deliberately transmits ARP reply packets to change the MAC address of the target's gateway to attacker's MAC address.

This is the change of target's ARP table. If the attack is not terminated, the above changed state will continue.

The attacker sets the forwarding so that the traffic that should be sent to the gateway goes normally.

Now, the environment for sniffing is ready.

Such as telnet, If the plain password is transmitted to somewhere, the attacker can steal it.

This is attacker's screen. When the traffic fragments are collected, The ID and password is exposed.

Therefore, we should install IDS on our PC, not connect to an unknown network, and avoid using plain text communication applications.