11

Show some love & run this in your browser console from the your feed page

let plusbuttons = document.getElementsByClassName('plusone');
Array.prototype.forEach.call(plusbuttons, button => {
button.click();
});

You know its too bad the feeds not lazy loaded or I could just keep expanding the likes

Comments
  • 7
    What if I go to https://devrant.com/users/dUcKtYpEd and run:

    let minusbuttons = document.getElementsByClassName('minusone');
    Array.prototype.forEach.call(minusbuttons, button => {
    button.click();
    });
  • 1
    @alcatraz627 you could do that too. and I could do the same. I think you have to confirm a downvote though
  • 4
    @alcatraz627 if you want to downvote everything:

    let plusbuttons = document.getElementsByClassName('minusone');
    Array.prototype.forEach.call(plusbuttons, button => {
    button.click();
    document.querySelector('.downvote-list > li > a').click();
    });
  • 5
    @dUcKtYpEd I WAS KIDDING PLEASE DO NOT TAKE IT THIS FAR I LIKE YOUR POSTS
  • 1
    @alcatraz627 I’m not downvoting anything. I’m here to show love, and point out flaws. I’m curious now if Facebook handles this with their likes
  • 6
    @dUcKtYpEd I did find a flaw in Google Forms long back that don't need user authentication where if you get the format of the response to submit, you can just run a script to submit multiple consecutive responses to spam the shit out of it. It was like four years ago when I used that to spam the shit out of a survey form circulated by a friend of mine in college, only to ask him later how it was and watch him stare at me with a dead face.
  • 1
    @alcatraz627 this story sounds like a hilarious post in itself. Did you report it?
  • 3
    @dUcKtYpEd I'd normally report it but it's Google we're talking about and I'm not getting paid those sweet sweet Google salary monies so I'll just the bright kids figure it out on themselves.
    A friend of mine tried it a while ago and I'm not sure how it went but apparently there's some sort of IP throttling set up even for anonymous forms. But I guess it's still kinda useful to mess up someone's data if they can't bother enough to worry about the security aspect.
  • 1
    @alcatraz627 I just find it hilarious that their solution is IP throttling instead of solving the underlying client side vulnerability. Also I tried This on Fb. I think it detects and unauthentic click and reverses the event.
  • 1
    @alcatraz627 heres how to do the same with facebook

    let likeWrappers = document.querySelectorAll('[aria-label="Like"]');

    Array.prototype.forEach.call(likeWrappers, wrapper => {
    let likeButton = wrapper.childNodes[0];
    likeButton.click();
    });
  • 1
    @alcatraz627 to scroll to bottom, load new posts and like everything

    window.setInterval(() => {
    let likeWrappers = document.querySelectorAll('[aria-label="Like"]');

    Array.prototype.forEach.call(likeWrappers, wrapper => {
    let likeButton = wrapper.childNodes[0];
    likeButton.click();
    window.scrollTo(0,document.body.scrollHeight);
    });
    },
    5000
    );
  • 7
    *grabs the 🍿 *

    This isn't going to end well.
  • 2
    * sits next to @C0D4 and grab a bunch of popcorn *

    Yep, let the shit show begin!
  • 4
    @dUcKtYpEd i showed some love with giving a 100% original and authentic upvote. That's all the love you're getting on this rant!
  • 2
    @bioDan 😞 it’ll do
  • 4
    @bioDan someone tried it
  • 2
    @bioDan I'm grabbing the Vodka wait for me.
  • 2
    @dUcKtYpEd i lied. Here are 2 more upvotes. Isn't there an end to your appetite?
  • 3
    @Ranchonyx Spasiva comrade! Davay the adidas too 😁
  • 2
    So devrant (and therefore pipeless) doesn't even has the most basic rate limiting?!

    With that much flaws exposed by the demo it becomes real hard to sell the actual product...
  • 1
    @Oktokolo it’s possible their not utilizing it to prevent something as non trivial as this. They probably use it more for their public api
  • 0
    @dUcKtYpEd
    For me, this is the definition of trivial.
    And while you can't convert coins to premium that easy anymore, this still is the demo application for their actual product. So i would expect it to showcase the features of the actual product...
  • 1
    @Oktokolo maybe @dfox can chime in. And not block me from dev rant 😂😣
  • 0
    Okay, i verified that they do indeed have some rate limiting in effect - if you plusvote too much, the server starts discarding vote requests. Everything looks fine but the votes are gone when you reload the page.

    P.S.: This upvotes everything which hasn't been upvoted yet:
    let voteboxes = document.getElementsByClassName('vote-state-unvoted');
    Array.prototype.forEach.call(voteboxes, box => {
    let button = box.getElementsByClassName('plusone')[0].click();
    });
  • 1
    @Oktokolo ahhh I’ll have to play with the script more. Could easily break a loop of the upvote requests into intervals, waiting 3 seconds to submit another. I don’t envy whoever has to manage ass holes like me
  • 2
    @dUcKtYpEd
    Well, botting is something, every game dev has to deal with. And if you insist in gamifying everything - then everything is a game and attracting botting.
  • 1
    @Oktokolo I like that perspective
  • 0
    Updated my bookmarklet to always get a fresh node list on each continuation - that damn nodelists have live updates...:
    let f = (f) => {
    let box = document.getElementsByClassName('vote-state-unvoted')[0];
    if (box !== undefined) {
    box.getElementsByClassName('plusone')[0].click();
    setTimeout(() => { f(f); }, 200);
    }
    };
    f(f);
Add Comment