While I chose to keep this article here for archiving, please note that this doesn’t work anymore. The Twitter API has since changed, and what used to work no longer does.

I was reading Shay’s article on how to send direct messages on Twitter using PowerShell when I couldn’t resist finding a way to send normal tweets from PowerShell. While doing that, I also incorporated security so that your transmission is secure and so is your input. Here’s the code:

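function Send-Tweet($Message,$UserName)
{
   # Prompt for anything that was not supplied on the command line
   if ($Message -eq $null) {$Message = Read-Host "Enter your tweet"}
   if ($UserName -eq $null) {$UserName = Read-Host "Enter your twitter username"}
   if ($Password -eq $null)
   {
      # -AsSecureString masks the input while it is typed
      $securePassword = Read-Host -AsSecureString "Enter your twitter password"
      $marshal = [Runtime.InteropServices.Marshal]
      $bstr = $marshal::SecureStringToBSTR($securePassword)
      try { $Password = $marshal::PtrToStringBSTR($bstr) }
      finally { $marshal::ZeroFreeBSTR($bstr) } # wipe and free the unmanaged copy
   }
   # URL-encode the tweet so characters such as & and # do not break the query string
   $url = "https://twitter.com/statuses/update.xml?status=" + [System.Uri]::EscapeDataString($Message)
   $request = [System.Net.WebRequest]::Create($url)
   # HTTP Basic authentication: the credentials travel in the Authorization header
   $request.Credentials = New-Object System.Net.NetworkCredential($UserName,$Password)
   $request.Method = "POST"
   $request.ContentType = "application/x-www-form-urlencoded"
   $request.GetResponse().StatusCode # return the status code of the request
}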

To send a tweet, you need to type:

Send-Tweet -Message "Hello World!" -Username userxyz

Notice I did not include -Password. In fact, I did not include $Password in the parentheses after the function name. This way, even if you use Tab to cycle through the available parameters, you won’t see “Password” as a parameter. It still won’t stop you from typing:

Send-Tweet -Message "Hello World!" -Username userxyz -Password password

But by not declaring the parameter, I am encouraging users to skip typing the password in plaintext. When a user sends a tweet using the first option (without a password), the script prompts for the password. How is it secure? Notice -AsSecureString where I prompt for the password: your entry shows up as ****** instead of plaintext. If you use the second method, you will type your password in plaintext, and I am assuming you will do that when you are sure your screen is not visible to anyone else.

Another nice feature of my script is that I am using https in the URL, so the authentication string is sent over SSL. Shay’s original script for direct messages does not use SSL, hence the username and password are transmitted as the Base64 encoding of the string “username:password”. Your tweet will be published and will be in the public domain, but I don’t like the idea of transmitting the username and password the same way. Here’s why:

The network capture shows the following:

[image: network capture]

Now let’s see what we can do with the highlighted string in PowerShell:

PS> $b64upass = "dXNlcm5hbWU6cGFzc3dvcmQ="
PS> $bytes = [convert]::FromBase64String($b64upass)
PS> $decoded = [System.Text.Encoding]::UTF8.GetString($bytes)
PS> $decoded
username:password

So as you can see, even though Base64 is not plaintext, it’s very easy to decode, and your username and password are more valuable than that!

If you are going to use Shay’s script for direct tweets, you can simply change the URL to https and it should transmit securely. You can also use other ideas from my script to make password entry more secure.
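
As an added example (not part of the original post or of Shay’s script), the decode shown above can be turned into a check a defender runs over captured request headers: it finds a Basic Authorization header, decodes it, and reports whether the request went over plain http. The function name Get-BasicAuthExposure and the sample header lines are constructed for illustration.

```powershell
# Added example; Get-BasicAuthExposure is a hypothetical helper, not from the original post.
function Get-BasicAuthExposure {
    param(
        [Parameter(Mandatory)][string]$Url,           # URL the request was sent to
        [Parameter(Mandatory)][string[]]$HeaderLines  # raw request header lines
    )
    foreach ($line in $HeaderLines) {
        # RFC 7617: Authorization: Basic <base64(user-id ":" password)>
        if ($line -notmatch '^\s*Authorization\s*:\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*$') { continue }
        try {
            $bytes = [Convert]::FromBase64String($Matches[1])
        } catch {
            Write-Warning "Malformed Base64 in Authorization header"
            continue
        }
        $decoded = [System.Text.Encoding]::UTF8.GetString($bytes)
        # Split on the first colon only: the user-id cannot contain ':', the password can
        $sep = $decoded.IndexOf(':')
        if ($sep -lt 0) { continue }
        $scheme = ([System.Uri]$Url).Scheme
        [pscustomobject]@{
            Url            = $Url
            UserName       = $decoded.Substring(0, $sep)
            PasswordLength = $decoded.Length - $sep - 1  # report the length, not the secret
            Cleartext      = ($scheme -ne 'https')       # True = readable by anyone on the path
        }
    }
}

# Constructed sample: the same header sent over http and over https
$headers = @(
    'POST /statuses/update.xml HTTP/1.1',
    'Host: twitter.com',
    'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=',
    'Content-Type: application/x-www-form-urlencoded'
)
Get-BasicAuthExposure -Url 'http://twitter.com/statuses/update.xml'  -HeaderLines $headers
Get-BasicAuthExposure -Url 'https://twitter.com/statuses/update.xml' -HeaderLines $headers
```

Both calls recover the same username and password length from the header; only the Cleartext column differs, because the header itself is identical and the protection comes entirely from the transport.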

Here’s another way of doing it:

$Tweetcred = Get-Credential
$UserName=$Tweetcred.GetNetworkCredential().UserName
$Password=$Tweetcred.GetNetworkCredential().Password

Using this method simply asks the user for a username and password in the standard Windows security dialog box and stores them in a credential object of the OS.

[image: Windows security dialog box]

I thank Shay for showing me the way and hope you will benefit from both his and my scripts!

Update: Including link to Wikipedia article on HTTP Basic Access Authentication for reference.