Truth Social is rapidly gaining popularity as a decentralized microblogging platform with a significant number of active users. With its focus on user freedom and privacy, Truth Social offers a unique, open-source framework that allows for greater customization and control over content. This post explores the network traffic research conducted at the Keysight ATI Research Centre, unveiling the network traffic characteristics of Truth Social web application and its traffic simulation offerings using the Breaking Point system.
Overall Analysis
We have performed extensive user interactions with the Truth Social web application. The captured traffic was completely TLS encrypted. We have further analyzed the traffic based on host names.
Fig.1 : Request-Response count per host
In the figure above we can observe the maximum number of request-response was seen by truthsocial.com followed by static-assets-1.truthsocial.com. The first host has been observed as main host supporting most of the functional activities (ex: Login, Policy Checking, loading post contents etc.) while the latter is mainly serving static artifacts.
Fig. 2: Cumulative payload per host
The diagram above shows that the host truthsocial.com has the maximum cumulative payload followed by 1a-1791.com (hostname for video traffic). The rest of the hosts are creating smaller network footprints.
Analyzing Endpoints
This section contains analysis of some important endpoints we observed –
LogIn
request-response pair is an OAuth 2.0 authentication process used to authenticate a user and get a token. The URL ‘https://truthsocial.com/oauth/token‘ provides a token if the specified client_id, client_secret, username, and password in the content body of the POST request are correct. The response includes an access token necessary for accessing resources that otherwise require authentication.
Fig 3: Login Request response
Loading User Related Information
There is a subsequent request-response after the login for fetching the user profile information using the access token obtained in the previous phase The URL ‘https://truthsocial.com/api/v1/accounts/verify_credentials’ is used to perform the get request to obtain user details.
Fig 4: Get user Information
The payload of the response is the public user profile information like id, username, url and avatar, follower count, location etc.
Post Submission
The client sends a POST with the content and the server successfully records it and responds with the complete details regarding the post. The request is being sent to URL ‘https://truthsocial.com/api/v1/statuses’. The content for the post is encoded as a JSON object in the request body along with other details.
Fig 5: post submission request-response
The response from the server suggests that the status was successfully posted as indicated by the 200 OK status. In the response body, the server confirms the details of the post including the post creation time, post id, post url, and associated account details.
Truth Social Traffic in BreakingPoint
The Truth Social platform has gained significant popularity on the internet, resulting in a significant amount of related network traffic. If you’re wondering how to test and calibrate your network equipment to ensure accuracy and resiliency against this traffic, then BreakingPoint Systems (BPS) is the perfect solution for you.
The Keysight Application and Threat Intelligence (ATI) team have analyzed the network traffic related to Truth Social web application and released simulation strategies in our ATI-2024-20 bi-weekly StrikePack release.
Fig 6: Truth Social in BreakingPoint
The BPS offers niche capability like mixing Truth Social network traffic with thousands of other applications traffic to make a real-world network traffic simulation that flows through your network equipment. For more details about Keysight BreakingPoint and to test your network equipment against the most updated network traffic available in the internet visit BreakingPoint.