In another blog post, I talked about the THCon 2024 CTF for which we created a full scale social network for the OSINT challenge.
After a bit of “code clean up” (understand “procrastination”) I have made this tool public at the following repo :
A tool to fill a mastodon instance with messages in the past
What purpose does this serve ? #
- If you need to populate a fake social network with a lot of interaction between members, so there is quite some noise in order to make an OSINT CTF harder and more realistic (I personally hate it when an OSINT CTF servers you with accounts that post ONLY stuff you need to use for the challenge, plus that’s very unrealistic)
- One definite advantage of that was the possibility to posts messages way in the past (more than 6 months in our case) in order for the story to be believable (you don’t infiltrate the spatial agencies, hack all the satellites and build a futuristic briefcase in a month, yet we started working on this challenge about two months before the THCon and by the time we had all the storylines ready it would have been too late)
- You want to fake sending messages in the past on your instance (no idea why you’d do that, but hey, it’s your instance so do whatever you want, I ain’t judging)
How does this work ? #
Mastodon uses a database to store posts, and working directly with it was too much of a pain, but when using the API (which is way easier of course) the instance would set the post date on its own.
Thus, choice was made to leverage both strengths. I used the API to create posts with the right order, replies, attachments etc. and store the IDs with the timestamps they should have. These id/timestamp pairs could then be used to run through the whole database and fake the timestamps, allowing us to “post” messages 6 months in the past.
The repo still contains the discussions of the flat-earther hackers of the THCon OSINT challenge left as an example.
How is it used ? #
Process the messages with convert.py
#
This takes in input a file in the same format as messages.csv :
| Message | Username | Date | image1 | image2 | image3 | image4 |
|---|---|---|---|---|---|---|
| … | … | … | … | … | … | … |
And spits out a json file containing the values ready to be ingested by the Bot. You should not have to change anything in here.
Note that the that imageX can be any attachment that mastodon accepts (ex : music files)
A block of message in consecutive lines is a thread in which people will be replying to one another. Note that this tool does not handle “tree-shaped conversation” (i.e. Alice posts a message, Bob answers, then Charlie answers to Alice creating two branches that could each be continued).
The first message needs a date to be specified on it, while the following messages’ dates can either be forced (by setting the value as can bee seen in the example) or inferred with a random delay from the date of the previous message (as in a normal human chat).
Post the messages with the bot.js
#
Run the bot.js file using Node.js. This requires
- The Node.js dependencies to be installed
- The
accounts.jsonfile to be filled with all the access tokens for the accounts
Once the bot is finished (may take quite some time if a lot of messages are to be sent), it produces a file (output.json) containing a list of pairs (ID/timestamp). The messages have been posted, but the dates are all “now”.
You need to update the dates in the database by using the aforementioned file (output.json) and running the scripts mentioned in the mastodon.md (which sadly is in French, but just scroll down to the bottom, the SQL queries are quite self-explanatory)
More detailed information on how to use the tool and set up a mastodon instance in the documentation on the repo :
A tool to fill a mastodon instance with messages in the past