DEV Community

loading...

I made a google forms spammer

atharvredij profile image Atharv Redij Updated on ・2 min read

Introduction

Yes, you read the title correctly. But before we begin I would like to say this project is made for educational purposes only. (and this is also my first post on dev.to)

So this is basically a web app where you paste the google form link. It then analyzes the form to find out all the questions and their possible answers (in the case of option-based questions). Then you select how many spam entries you want to add and start spamming.

Currently, it supports

  1. Short answer
  2. Paragraph
  3. Multiple Choice
  4. Checkbox
  5. Dropdown

A Look at The project

How It Works?

If you look at the source code of the google form's page you will find a javascript array called FB_PUBLIC_LOAD_DATA_ at the end. This array holds all the form-related data. So, when you enter a google form URL, the web app fetches the entire HTML as a string and then extracts this array. So I extracted the form ID, name, and the list of questions from it. This data also mentions the type of each question. i.e.

Short Answer Field = 0
Paragraph Field = 1,
Multiple Choice Field = 2
Drop Down Field = 3
Check Boxes Field = 4
Enter fullscreen mode Exit fullscreen mode

Now to generate answers the function iterates through each question and then checks its type. For short and paragraph type it generates a random string as the answer and for option types such as radio buttons, checkboxes or dropdown it selects one option randomly.

To submit the form I used query string. In it, I mapped each question ID and the answer and submitted the form.

And that's basically it. You select how many entries you want to add and then repeat the above two steps n times.

Why this project?

Yes, this is not the most creative project I did but it demonstrates that open google forms like these are prone to spamming. I did this much in a single day. But imagine someone with enough time can create a program that adds fake entries you wouldn't be able to differentiate from the real one.

So I advise you to take the following measures to prevent spamming,

  1. Require sign in to submit the form
  2. Limit to 1 response
  3. Setup CAPTCHA

You can check out the code on github

Discussion (0)

pic
Editor guide