Question

I am very confused about something here. How is a tweet sent to the server once you hit the "Tweet" button from the website?

To answer this, I set up a proxy listener to intercept all requests and everything. I set my browser on localhost and everything, and, while I received all requests while loading Twitter.com, there were no requests received between the time I hit "Tweet" and the time it showed up in my stream.

How is this even physically possible? Is there something extremely simple I'm missing here?

Solution

Twitter uses HTTPS exclusively now, so without setting up a MITM proxy, you will be unable to snoop on the data that is being transmitted.

With regard to setting up a MITM proxy, check out this piece of software: mitmproxy

If you're looking to send Tweets yourself, separately from Twitter's web page / apps, check out their API: Twitter 1.1 API - statuses/update

Most browsers come with developer plugins, which will let you see what data is being sent by requests (including HTTPS requests). The best - in my opinion - is Chrome's developer extension (which is installed by default), which can be opened by pressing 'F12'. Another alternative is Firebug for Firefox, which once installed can also be opened by pressing 'F12'.

Furthermore, perhaps you should add a bit more context to your post, such as what platform you're interested in, such as Android, iPhone, or Web (i.e. Twitter's vanilla website).

OTHER TIPS

Assuming you are using the Twitter website, a quick peek using TamperData shows the browser is sending a POST request to https://twitter.com/i/tweet/create containing the content of the tweet.

I was researching whether Twitter uses https://api.twitter.com in its website to send tweets and I noticed (using Chrome F12) that the request is actually sent through https://twitter.com/i/tweet/create. I was of the impression that Twitter makes a RESTful call from its website as in the devices using their API. Do they have a proxy at the server which transforms the request from the browser and forwards it to its web service? And, how do they know the device from which the request was made if all requests are transformed and sent to its api subdomain via POST /1/direct_messages/new.json HTTP/1.1? I noticed the payload is

authenticity_token=abc1234c3&place_id=&status=Well%2C+this+is+a+message.+%7BAfter+registering%7D

Apologies for the cryptic message - I can only use two links in this post (new user you see!)
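An added example (not part of any post above, and not Twitter's or mitmproxy's own code): a mitmproxy addon script, loadable with `mitmdump -s`, that records form-encoded POSTs to the endpoint named in the posts and redacts the CSRF token before anything is logged. The class name, the redaction list and the default host/path arguments are assumptions; the sample body is the payload quoted above.

```python
from urllib.parse import parse_qsl

# Field names whose values should never reach a log file (assumed list;
# authenticity_token is the CSRF token visible in the quoted payload).
REDACT = {"authenticity_token"}


def decode_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body, redacting secrets."""
    fields = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        fields[name] = "<redacted>" if name in REDACT else value
    return fields


class LogFormPosts:
    """Hypothetical addon: record decoded POST bodies for one host/path prefix."""

    def __init__(self, host="twitter.com", path_prefix="/i/tweet/create"):
        self.host = host
        self.path_prefix = path_prefix
        self.seen = []

    def request(self, flow):
        # mitmproxy calls this hook for every intercepted client request.
        req = flow.request
        if req.method != "POST" or req.pretty_host != self.host:
            return
        if not req.path.startswith(self.path_prefix):
            return
        ctype = req.headers.get("content-type", "")
        if "application/x-www-form-urlencoded" not in ctype:
            return
        fields = decode_form(req.get_text() or "")
        self.seen.append(fields)
        print(f"POST https://{req.pretty_host}{req.path} -> {fields}")


addons = [LogFormPosts()]  # mitmproxy looks for this module-level list

# Constructed sample: the payload quoted in the post above.
SAMPLE_BODY = ("authenticity_token=abc1234c3&place_id=&status="
               "Well%2C+this+is+a+message.+%7BAfter+registering%7D")
```

The browser has to be pointed at the proxy and trust its CA certificate before the HTTPS request becomes visible to the hook.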

Licensed under: CC-BY-SA with attribution