by gitgud
1690 days ago
As I understand it, the webserver at twitter-unfurl-faker.herokuapp.com just dynamically redirects based on the user-agent. The attacker doesn't need control over uniswap.org or harrydenly.com to make this work. They only need control of harrydenly if they want to serve a phishing page. But as I said above, this is redundant and they could just use this domain to also serve the redirection. Example below:

* (Twitter bot) phishing.com -> redirects -> fishtanks.com. Twitter bot makes shortened link t.co/aaa (but the preview shows fishtanks.com)
* (User) t.co/aaa -> phishing.com
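The defender-side check for the behaviour this comment describes is to resolve a link twice, once with a link-preview crawler's User-Agent and once with a browser's, and flag any link whose final destination differs. The code below is an added example, not the commenter's or Twitter's code; `cloaking_server` is a constructed stand-in for a user-agent-dependent redirector, and the `.example` hostnames are placeholders.

```python
"""Detect user-agent cloaking: a link whose redirect chain ends on a
different host for a link-preview crawler than for a real browser."""
from typing import Callable, Optional, Tuple
from urllib.parse import urlparse

CRAWLER_UA = "Twitterbot/1.0"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"

# Constructed stand-in for the cloaking redirector described in the comment:
# the redirect target depends only on the requesting User-Agent.
# Hypothetical hostnames; nothing here talks to the network.
def cloaking_server(url: str, user_agent: str) -> Optional[str]:
    """Return a Location header (redirect target), or None for a 200 page."""
    parsed = urlparse(url)
    if parsed.hostname == "phishing.example" and parsed.path in ("", "/"):
        if "Twitterbot" in user_agent:
            return "https://fishtanks.example/"     # what the preview sees
        return "https://phishing.example/login"     # what the user lands on
    return None  # every other page serves content directly

def resolve(url: str, user_agent: str,
            fetch: Callable[[str, str], Optional[str]], max_hops: int = 10) -> str:
    """Follow redirects until a page is served, a loop repeats, or max_hops."""
    seen = {url}
    for _ in range(max_hops):
        nxt = fetch(url, user_agent)
        if nxt is None or nxt in seen:
            return url
        seen.add(nxt)
        url = nxt
    return url

def is_cloaked(url: str,
               fetch: Callable[[str, str], Optional[str]] = cloaking_server
               ) -> Tuple[bool, str, str]:
    """Return (flagged, crawler_final_url, browser_final_url).

    flagged is True when the final host the crawler reached differs from
    the final host a browser reached, i.e. the preview is misleading."""
    crawler_final = resolve(url, CRAWLER_UA, fetch)
    browser_final = resolve(url, BROWSER_UA, fetch)
    flagged = urlparse(crawler_final).hostname != urlparse(browser_final).hostname
    return flagged, crawler_final, browser_final

if __name__ == "__main__":
    for link in ("https://phishing.example/", "https://fishtanks.example/"):
        flagged, crawler, browser = is_cloaked(link)
        print(f"{link}: cloaked={flagged} crawler->{crawler} browser->{browser}")
```

Because the redirector keys on the User-Agent header alone, the crawler and browser views must be fetched with identical URLs and only the header varied; comparing the final hostname rather than the full URL avoids false positives from per-session paths.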