Using Websites To Hijack User’s Bandwidth – Bit Torrent Style

A few days ago I had this insane idea while thinking about all those ad spamming and stealth dialup sites – we can take advantage of a user visiting a specially crafted page to upload data to other users. It’s both stupid and simple. Torrent sites and clients only would need a few changes and here’s how it would work:

Currently Bit Torrent uses a tracker on the server to keep track of connected users, available chucks of data from each user and for keeping track of the upload/download ratio for each connected client. Now imagine that this application also gets the complete files, or if you want to keep the decentralized simply cache some of the data traded between behind “proxy” users.

If the tracker owner also has a site with high trafic, for instance the Pirate Bay, every page on the site could have included some scripts, images and/or iframes that pointed to one of the connected bittorrent users. At least, the ammount of data transmitted is limited by the url size limit, and the clients must have one port configured or use uPnP so users behind proxy/NAT would not be able to benefit from the bandwidth boost.

The big point is that we can submit data to others using simple websites. And of course that using tecnhologies like AJAX we wouldn’t be limited to a few requests for each user, if a user dind’t close its current page the scripts would keep running, requesting more data and upload to clients from the tracker.

I think I made my idea clear by now 😉

Post to Twitter Post to Delicious Post to Digg Post to Facebook Post to Reddit Post to StumbleUpon

Leave a Reply

For spam filtering purposes, please copy the number 1017 to the field below: