How to make sample facebook application with firefox add ons RestClient

-


Note: If you have any doubt about the Facebook application technology ( OAuth protocols) please refer this link and also this link teaches, how to create facebook application dashboard on your facebook account.

STEP 1 ( Authorization code request )

In order to obtain the authorization code from Facebook, we have to send a HTTP GET request to the Authorize Endpoint of Facebook, which is https://www.facebook.com/dialog/oauth . Along with the request, you should have several parameters which are described below.

Parameter Name
Description
Sample Value
Response_type
What will you get back from HTTP GET request
code
Client_id
This is app id given by facebook
1746117745691626
Redirect_url
Your app domain, which is given by you. Also it is called as redirection endpoint. It defined in facebook login setting.
http://localhost:8080
scope
What permission you Need to get from users. If you want more information visit this page
public_profile user_posts user_friends user_photos

sample url: 
"https://www.facebook.com/dialog/oauth?response_type=code&client_id=1746117745691626&redirect_uri=http://localhost:8080/facebook&scope=public_profile%20user_posts%20user_friends%20user_photos"
if anyone clicks this link we can get their scopes.

after making the above request resource owner will redirect the facebook if the owner already login, he will get the user consent page. this page has all request resource information.

USER CONSENT PAGE

if owner click above blue button client application will get the authorization code from authorization server.

Authorization code:



STEP 2 ( Access token request )
we should make this request on POST methods because this request has the user id and secret. so we have to send those things over the HTTP header. this header value should be encoded and also we have to send the following parameter in the body of the HTTP post request.

Parameter Name
Description
Sample Value
Grant_type
Authorization code
authorization_code
Client_id
This is app id given by facebook
1746117745691626
Redirect_url
Your app domain, which is given by you. Also, it is called as redirection endpoint. It defined in facebook login setting.
http://localhost:8080/facebookapp/callback
code
Which is taken from the previous step
AQDfw1CLKYt-
TuoGq1m8oChT8LHbWxz01zWgmkdxRRodgJua5TbEI
_HMYHaL
-64LzpL56KCfNz12Yt3WXlIeep4t0Mc9VCQ9-
i7SPEIk7gPSmzy4m3fpNawmQCvtw5FEU6pM0ON8EMDv
-6Vp1-ty907V4Cnu5sp__QTuJ2c9wz9Co1GIrOO3qEF
2Vu9ruaKkMhZDSNAa0fgbd-5PLiivkN75nr7nsFCHl
JEkadBfkIVddJTqd4AH7
zc8KFXWta87KA3Kt3Taz7h0lTJff3wQuciWRqhvytOp
E90snQPyNJkitpaQeX3VSLHeLd77QOKMNUGw2TnMr6B9d-Y6AZx1M-Of6MeQmeogsyhE0QzihAI6eQ#_=_


  • Header
    • name: Authorization
    • value: Basic "AppID:AppSecret" this should be base64 encode
      (
    • 1746117745691626:
      • b91d622fd71c99430be01d38e9ec0c76)
  • Body
    • grrant_type: authorization_code
    • redirect_url: http://localhost:8080/facebookapp/callback
    • Client_id: 1746117745691626
    • Code:AQDfw1CLKYt-TuoGq1m8oChT8LHbWxz01zWgmkdxRRodgJua5TbEI_HMYHaL-64LzpL56KCfNz12Yt3WXlIeep4t0Mc9VCQ9-i7SPEIk7gPSmzy4m3fpNawmQCvtw5FEU6pM0ON8EMDv-6Vp1-ty907V4Cnu5sp__QTuJ2c9wz9Co1GIrOO3qEF2Vu9ruaKkMhZDSNAa0fgbd-5PLiivkN75nr7nsFCHlJEkadBfkIVddJTqd4AH7zc8KFXWta87KA3Kt3Taz7h0lTJff3wQuciWRqhvytOpE90snQPyNJkitpaQeX3VSLHeLd77QOKMNUGw2TnMr6B9d-Y6AZx1M-Of6MeQmeogsyhE0QzihAI6eQ#_=_
  • To:  https://graph.facebook.com/oauth/access_token

SAMPLE HTTP REQUEST 
"grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ffacebookapp%2Fcallback&client_id=183994178774345&code=AQDfw1CLKYt-TuoGq1m8oChT8LHbWxz01zWgmkdxRRodgJua5TbEI_HMYHaL-64LzpL56KCfNz12Yt3WXlIeep4t0Mc9VCQ9-i7SPEIk7gPSmzy4m3fpNawmQCvtw5FEU6pM0ON8EMDv-6Vp1-ty907V4Cnu5sp__QTuJ2c9wz9Co1GIrOO3qEF2Vu9ruaKkMhZDSNAa0fgbd-5PLiivkN75nr7nsFCHlJEkadBfkIVddJTqd4AH7zc8KFXWta87KA3Kt3Taz7h0lTJff3wQuciWRqhvytOpE90snQPyNJkitpaQeX3VSLHeLd77QOKMNUGw2TnMr6B9d-Y6AZx1M-Of6MeQmeogsyhE0QzihAI6eQ#_=_"


 after making the HTTP POST request you will get the access token from the response.


STEP 3 ( Getting resource from facebook)

 Now that we have received the OAuth access token from facebook, in all the requests we make to the Facebook API, we need to include it as a HTTP header.

Header
  • name: Authorization
  • value: Bearer and access token 

receiving information from Facebook
  1. Timeline post
Send a HTTP GET request to https://graph.facebook.com/v2.8/me/feed?limit=25 and in response, you will get the user’s timeline posts. You will get a JSON response. You can limit the number of results using the limit query parameter.



get the user id

For invoking many operations like retrieving user’s photos, albums etc. We need to know the user’s Facebook ID. For that, we can send a HTTP GET request to the URL https://graph.facebook.com/v2.8/me?fields=id which would return the ID in a JSON response.



user friend list
https://graph.facebook.com/v2.8/<FB User ID>/taggable_friends 


user photo
before getting the photo, we should know album id 






Comments

Post a Comment

Popular posts from this blog

Install android studio on the parrot os

-
Image
parrot OS is based on Linux environment so we have to download Linux version of android studio. if you want Linux version android studio just click here . after the download is completed you will get the zip file of the android studio. so you need to unzip it first. then you can see several files within the unzipped folder. figure 1 represents the sample output. Figure 1 then go to bin folder which is stored in the unzipped folder. after opening the bin folder, you can see studio.sh shell script. if you execute that, the android studio will be running on your PC's.  Note:- you have to give execute permission to studio.sh for the current user before you execute studio.sh script. (sudo chmod u+x studio.sh) Figure 2 but we will be doing like this. it's annoying, so now we are going to the terminal command that is helped to us to access android studio by using terminal commands.  move your unzipped file to "/root" from Downloads. then go to "/usr
Read more

How to do simple brute force attack with burp suite

-
Image
What is brute force attack? brute force is a kind of password based attack. normally attacker checks each and every possible combination until reaching the expected output. so an attacker should check the huge amount of data but the normal human cannot do this kind of things. that's why we must move on some predefine tools to do this kind of attacks. work through this is the sample login page. we are going to attack this page and get the login credentials.(note: this is a basic login form it does not have any prevention mechanism for brute force attack.) let's try any value on this form and capture the data packet for analyzing. after analyzed we can say these data packets have username and password, which we entered previously. so we have to forward this data packet to intruder tab (right click and select intruder option). now  go to the intruder and mark the target variables which are carrying username and password. The below figure shows that. Note:
Read more

PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw

-
Image
A long time ago we published a report about how someone can hack WhatsApp with the SS7 by default. The standard SS7 exists for eons now with corrections, but GSM and telecom companies do not bother or trouble to repair their infrastructure against the standard. Now a Cyber ​​Security Company called Positive Technologies has released a video detail as anyone in any Gmail account can hack with a name and a phone number with the standard SS7. After the abduction of the Gmail account of the victim, the investigators then tried to steal a Bitcoin wallet with the same SS7 defect. Positive researchers sent their video to Thomas Fox-Brewster, an investigating reporter for Forbes, as well as details about hacking. What is the SS7 error? The vulnerability is found in the signaling system 7 or SS7, the technology used by telecommunication operators where the high-security message system and telephone calls depend. SS7 is a set of telephone signaling protocols developed in 1975 that make i
Read more