Tuesday, March 17, 2015
FBPwn A cross platform Java based Facebook profile dumper
FBPwn ~ A cross-platform Java based
Facebook profile dumper
Friends, if you get invitation from stranger in facebook, dont accept it. Even if you know the person, please verify whether profile is real or not. A new hacking tool is available that will send friend request to you. If you accept, it can steal all info ,photos,friend list from you. Think twice before accepting invitation.
A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.
Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victims account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, ...etc) for offline examining.
After a a few minutes, probably the victim will unfriend the fake account after he/she figures out its a fake, but probably its too late!
FBPwn modules are:
- AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.
- ProfileCloner: A list of all bobs friends is displayed, you choose one of them (well call him andy). FBPwn will change mallorys display picture, and basic info to match andys. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andys account, but probably it would be too late as all his info are already saved for offline checking by mallory.
- CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.
- DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.
- DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.
- DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.
DOWNLOAD
Facebook profile dumper
Friends, if you get invitation from stranger in facebook, dont accept it. Even if you know the person, please verify whether profile is real or not. A new hacking tool is available that will send friend request to you. If you accept, it can steal all info ,photos,friend list from you. Think twice before accepting invitation.
FbPwn: A cross-platform Java based Facebook profile dumper, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder.
Usage
A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.
Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victims account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, ...etc) for offline examining.
After a a few minutes, probably the victim will unfriend the fake account after he/she figures out its a fake, but probably its too late!
ModulesDescription:
All modules work on a selected profile URL (well call him bob), using a valid authenticated account (well call him mallory).
FBPwn modules are:
- AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.
- ProfileCloner: A list of all bobs friends is displayed, you choose one of them (well call him andy). FBPwn will change mallorys display picture, and basic info to match andys. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andys account, but probably it would be too late as all his info are already saved for offline checking by mallory.
- CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.
- DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.
- DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.
- DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.
DOWNLOAD
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment