og kush420 (OP)
|
|
August 19, 2013, 09:07:38 PM |
|
is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain. sorry if this is a noob question. and i did search google before asking this...
|
|
|
|
|
|
|
The Bitcoin software, network, and concept is called "Bitcoin" with a capitalized "B". Bitcoin currency units are called "bitcoins" with a lowercase "b" -- this is often abbreviated BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
TierNolan
Legendary
Offline
Activity: 1232
Merit: 1083
|
|
August 19, 2013, 09:13:17 PM |
|
is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain. sorry if this is a noob question. and i did search google before asking this...
Fake in what way? The process for spending money is to create a transaction and send it the 8+ nodes you are connected to. They verify it and then send it onward. I think they might not forward transactions unless they know about all the inputs.
|
1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
August 19, 2013, 09:45:50 PM |
|
Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).
|
|
|
|
og kush420 (OP)
|
|
August 19, 2013, 09:57:15 PM |
|
Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug). woh, nice haha, that is what im talking about, how did you do that?
|
|
|
|
og kush420 (OP)
|
|
August 19, 2013, 10:01:34 PM |
|
is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain. sorry if this is a noob question. and i did search google before asking this...
Fake in what way? The process for spending money is to create a transaction and send it the 8+ nodes you are connected to. They verify it and then send it onward. I think they might not forward transactions unless they know about all the inputs. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
August 19, 2013, 10:07:58 PM |
|
I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.
|
|
|
|
og kush420 (OP)
|
|
August 20, 2013, 01:57:23 AM |
|
I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way. How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
|
|
|
|
gmaxwell
Moderator
Legendary
Offline
Activity: 4158
Merit: 8382
|
|
August 20, 2013, 02:14:41 AM |
|
How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
No, I put javascript in the actual script of a transaction with it decoded and displayed without escaping.
|
|
|
|
smolen
|
|
August 20, 2013, 02:35:51 AM |
|
|
Of course I gave you bad advice. Good one is way out of your price range.
|
|
|
Andrey
|
|
November 18, 2013, 11:42:47 PM |
|
I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way. I am not very good in bitcoin internals, but it seems some tricks are still could be done with blockchain.info . Here is the fake transaction trying to make public believe that bitbonanza auction deposit was done by bitbonanza itself. https://blockchain.info/ru/address/12kBb6UA5ZCXkDgrivpBa9jwmbquH7MGod
|
|
|
|
|
michagogo
Member
Offline
Activity: 80
Merit: 10
|
|
November 19, 2013, 12:05:04 PM |
|
I don't think that 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM is his address. I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past.
|
|
|
|
|