The vulnerability has been tested on torrent trackers that use the TorrentBits source code (I don’t know if it works on other trackers).
The idea is that you capture your torrent’s announce details with HTTP Analyzer and then use Firefox, identifying itself to the tracker as a BitTorrent client, to update your stats. This is a short, simple tutorial that shows how it is done; if you are “more” advanced, you can use other tools to do it.
Programs that you need:
1. Install the User Agent Switcher extension in Mozilla Firefox (the extension will be used to identify as a BitTorrent client to the tracker). If you don’t have Firefox, get it!
2. After installing the extension go in Firefox to:
Tools -> User Agent Switcher -> Options -> Options -> User Agents
Click Add, enter ‘BitTorrent/3.4.2’ in both the Description and User Agent fields, and then press “Ok”.
3. Then go to:
Tools -> User Agent Switcher and select the newly added User Agent, ‘BitTorrent/3.4.2’.
4. Install HTTP Analyzer.
5. Get a .torrent file from a tracker that uses the torrentbits source code and add it to your client. (DO NOT START IT)
6. Start HTTP Analyzer and go to the “Start Logging” button, select “Select a process…”, choose your BitTorrent client from the list (Important: if you use Azureus, select the javaw.exe process) and click “Ok”.
7. Go into your client and start the torrent.
8. Now go into HTTP Analyzer; there you should see a GET request to the tracker.
9. Open Firefox, paste into the address bar:
TRACKER.ADDRESS with the torrent tracker address (ex: www.filelist.org:81)
INFOHASH with info_hash variable taken from the GET request from HTTP Analyzer,
PEERID with the peer_id
PORT with the port
UPLOADED with a number that you want, in bytes (ex: 10737418240 for 10GB)
press enter and then stop the torrent in your client.
Now you should have 10GB added to your upload.
The vulnerability should work on all sites that use the TorrentBits source code (including filelist.org, torrentbytes.net and others).
I haven’t tried this procedure but thought that I would share it with my friends, as I found it here.
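A tracker-side check for the weakness this tutorial relies on, a tracker crediting whatever `uploaded` figure an announce reports. This is an added example, not TorrentBits code and not part of the original post; the `Announce` record, the `MAX_UPLOAD_BPS` cap and the function names are assumptions, and the sample announces are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_UPLOAD_BPS = 12_500_000  # assumed policy cap per peer (100 Mbit/s)

@dataclass
class Announce:            # hypothetical record of one announce request
    peer_id: str
    uploaded: int          # cumulative bytes, self-reported by the client
    timestamp: float       # server receive time in seconds, not client time

def check_announce(prev: Optional[Announce], cur: Announce,
                   swarm_downloaded: int) -> List[str]:
    """Return reasons the reported upload is not credible (empty = accept).

    swarm_downloaded: bytes the other peers on this torrent reported
    downloading since prev.timestamp, taken from the tracker's own records.
    """
    if prev is None:
        # A session starts at zero; a first announce with upload is suspect.
        return ["first announce already claims upload"] if cur.uploaded else []
    delta = cur.uploaded - prev.uploaded
    if delta < 0:
        return ["uploaded counter went backwards"]
    reasons = []
    elapsed = max(cur.timestamp - prev.timestamp, 1.0)
    if delta / elapsed > MAX_UPLOAD_BPS:
        reasons.append("implied upload rate exceeds cap")
    # The rate cap only bounds speed; this bounds the total, because every
    # uploaded byte must appear as a downloaded byte on some other peer.
    if delta > swarm_downloaded:
        reasons.append("upload exceeds what the swarm downloaded")
    return reasons

def credited_upload(prev, cur, swarm_downloaded):
    """Bytes to add to the user's stats; nothing when any check fails."""
    if prev is None or check_announce(prev, cur, swarm_downloaded):
        return 0
    return cur.uploaded - prev.uploaded

# Constructed sample: a started announce, then 10 GiB claimed 30 s later.
started = Announce("-XX0001-constructed", 0, 1000.0)
forged = Announce("-XX0001-constructed", 10737418240, 1030.0)
honest = Announce("-XX0001-constructed", 50_000_000, 2800.0)

if __name__ == "__main__":
    print(check_announce(started, forged, 0))
    print(credited_upload(started, honest, 80_000_000))
```

Announce intervals differ between peers, so a production tracker would compare totals over a time window with some tolerance rather than per announce. The User-Agent header plays no part in the decision, since any HTTP client can set it.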