Dating and matching can be exciting especially during Valentine's, but it's important to stay vigilant for impostors. Can you help identify possible frauds?
Once the webpage loads, go ahead and register an account (I will note you need to upload an image - don't be like me and waste 20 minutes figuring out why every email that I tried was currently in use....lol). Once you are registered, you'll land on the dashboard page. I went ahead and liked all the profiles, navigate to the "Matches" section to and we can see that we have a single chat. In Caido, we can see the following request information.
GET /chat/?rid=6 HTTP/1.1
Host: 154.57.164.65:30992
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:148.0) Gecko/20100101 Firefox/148.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://154.57.164.65:30992/chat/
Cookie: session=eyJ1c2VyIjp7ImlkIjo1LCJ1c2VybmFtZSI6IkNvTmlzdCJ9fQ.aa7Lng.Po7ggf30h7yug_fIMLkX6rwJGDM
Upgrade-Insecure-Requests: 1
Priority: u=0, i
My first thought was maybe I can view other chat messages by manipulating the `rid` parameter. I sent that request over to Replay and started with "1" and working my way up the ladder. If all goes well you'll return a 200 status code, and some interesting information might be included.