Using urlcrazy tool I generated free domains that can be used for fake. Telergam.org looked really nice. A word ‘telegram’ is complicated enough to miss the swap of two monospaced consonant letters in the middle.

Rented a cloud server for a month and created a fake. Not a fake per se though. I used a proxying with nginx approach (kudos to @sergeybelove). You can set up a proxy_pass module to proxy all requests to a different site, including request modification on-the-fly.

Here’s the complete “fake” config of the main telegram website:



server {

listen 80; #listen to port 80

server_name telergam.org; #set the domain to respond to

location / {

proxy_pass https://telegram.org; #proxy telegram website

}

Also you can use sub_filter module to change the line contents to whatever you want. The web.telegram proxy was set up in the same fashion with some corrections – client was sending current session ID (and everything else from localStorage), phone number, browser to my server.

What else do you need to be happy? SSL? Advanced users will immediately suspect that something is wrong, but the “green lock” will add some points to the fake.

So we register a free account on cloudflare and get the ability to hide server’s real IP address and precious lock.

Now try to find 10 differences: