Abusing t.co for Fun and Profit
Ah, yes. t.co. That amazingly tiny url shortening service created by Twitter when they decided that they wanted to alienate and abandon all the 3rd party developers who helped make them into the powerhouse social networking service that they are today. Using t.co has big advantages on Twitter, too: the original link is shown when the twitter post is viewed on the website, but the link only counts for 20 characters max. Twitter also provides security features, so that if a link contains potentially dangerous content, a user will be notified as such beforehand.
A link of 20 characters is one of the shortest of the URL-shortening services I’ve ever seen. It would be fantastic if we could use them elsewhere, would it not?
So here’s a nifty trick to generate a t.co URL without actually posting it to Twitter. You can do this in any language and on any platform that can make HTTP requests (and it helps if you can filter the result using regular expressions). You will, however, need a twitter account to make this work, and therefore I do not recommend using this method in a professional, production environment. Twitter has Developer API keys for that. I use this method for quick, easy scripts: anything that occasionally needs a short URL.
In essence, Twitter has a “share” service, that you can use to share a website. This includes passing the URL in the query parameter (where it is shortened and added to your message), entering a “tweet”, and posting it to your account. The fact that it is shortened BEFORE you post is what we’re going to take advantage of.
To make these requests from a web script, I recommend using one of my favorite PHP libraries: Snoopy! Snoopy is a web request library with support for redirection and cookies, which is what makes it so useful. I’ve used it many times in the past, and it has more than proven its worth. I won’t go into other languages or implementations, but it should be pretty straightforward.
Take a look at the script below:
include 'Snoopy.class.php';
$link = "http://www.google.ca";
$http = new Snoopy();
$http->maxredirs = 0;
$http->submit("http://twitter.com/share", array(
'url' => $link,
'session[username_or_email]' => '<YOUR-TWITTER-ACCT>',
'session[password]' => '<YOUR-TWITTER-PW>',
'commit' => 'Sign in'
));
$html = $http->results;
What this does is log you in with your twitter account, and pass the /share service the link you want to send. The result will be a webpage with the share box containing your shortened url (among a lot of other form fields, images, text, and things we don’t care about).
To extract the fields, I used a handy loop and some regex. This can definitely be done in a simpler way, but I wanted to be thorough, and account for possible changes in the resulting /share page.
$fields = array();
$matches = array();
preg_match_all('/<input([^>]+)>/', $html, $matches,
PREG_PATTERN_ORDER,
strpos($html, 'action="/share/update"')
);
foreach($matches[1] as $match)
{
$name = array(); $value = array();
if(preg_match('/name=["\']([^"\']+)["\']/',
$match, $name)
&& preg_match('/value=["\']([^"\']+)["\']/',
$match, $value))
{
$fields[trim($name[1])] = trim($value[1]);
}
}
unset($matches);
At the end of all this, $fields will contain something that looks like this:
Array
(
[authenticity_token] => somelongstringiprobablyshouldntshare
[url] => http://www.google.com
[shortened_url] => http://t.co/0vYtROQ
)
Just look! We have just obtained a t.co URL without having to post to Twitter! You can now use this URL for whatever purposes you wish, such as, but not limited to repeatedly tricking your friends and coworkers into watching Rick Astley’s “Never Gonna Give You Up” (http://t.co/aSObE9L)