Facebook bot

Discussion in 'Java' started by mfasoccer@gmail.com, May 22, 2007.

  1. Guest

    Hey guys I'm writing a facebook bot program. Currently I am stuck at
    the login screen. My approach was to take a password and convert it to
    md5 along with the challenge parameter that you will notice if you go
    to facebook's website. To give a better idea of this I'll show you
    their login form:

    <form method="post" name="loginform" action="https://
    login.facebook.com/login.php" onsubmit="quicklogin();"><input
    type="hidden" name="challenge"
    value="77950fc560a9109fe0b61bb70753cec5">
    <input type="hidden" name="md5pass">
    <label for="email">Email:</label>
    <input type="hidden" name="noerror" value="1" />
    <input class="inputtext" type="text" name="email"
    value="" id="email" size="20" />
    <label for="pass">Password:</label>
    <input class="inputtext" type="password" name="pass" id="pass"
    size="20" />
    <input type="submit" value="Login" name="doquicklogin"
    id="doquicklogin" onclick="this.disabled=true; this.form.submit();"
    class="inputsubmit"/></form>

    And what I did was write a program to send the following:
    challenge=3b409cf0906ebb3007e8dd1cac3343ae&md5pass=7ca980aefc6964c5a125e0c637194ca3&noerror=1&email=mbinder09%40choate.edu&pass=&doquicklogin=Login
    And I am sending this data to: "https://login.facebook.com/login.php"
    just like the action of the form suggests. Unfortunately this approach
    does not work properly. I even cleared the password field if you note
    I sent '&password=' which is required by the facebook JavaScript
    method:
    function hash(form, login_url) {
    document.cookie = "test_cookie=1;domain=.facebook.com";
    if (valid_js()) {
    var challenge = form.challenge.value;
    var hash2 = MD5(form.pass.value) + challenge;
    var hash;
    if (form.pass.value) {
    hash = MD5(hash2);
    } else {
    hash = "";
    }
    form.md5pass.value = hash;
    form.pass.value = "";
    }
    return true;
    }

    note: valid_js() just checks to make sure that the agent is proper
    which mine is. Im worried about the document.cookie thing..could that
    be it?

    Any help is welcome! I am very new to web applications so don't assume
    that your points will be repetitive given my lack of knowledge. Thanks!
     
    , May 22, 2007
    #1
    1. Advertising

  2. On May 22, 12:18 pm, "" <>
    wrote:
    > Hey guys I'm writing a facebook bot program.


    What a coincidence, there's somebody over
    on c.l.j.help trying to do the same thing!
    Oh.. that's you. Please refrain from
    multi-posting.
    <http://www.physci.org/codes/javafaq.html#xpost>

    As an aside, <http://www.facebook.com/terms.php>
    under "Proprietary Rights in Site Content;
    Limited License" states "..Such license is subject
    to these Terms of Use and does not include use of
    any data mining, robots or similar data gathering
    or extraction methods. .."

    (X-post to c.l.j.p./h., w/ f-u to c.l.j.p. only)

    Andrew T.
     
    Andrew Thompson, May 22, 2007
    #2
    1. Advertising

  3. Guest

    On May 22, 1:15 am, Andrew Thompson <> wrote:
    > On May 22, 12:18 pm, "" <>
    > wrote:
    >
    > > Hey guys I'm writing a facebook bot program.

    >
    > What a coincidence, there's somebody over
    > on c.l.j.help trying to do the same thing!
    > Oh.. that's you. Please refrain from
    > multi-posting.
    > <http://www.physci.org/codes/javafaq.html#xpost>
    >
    > As an aside, <http://www.facebook.com/terms.php>
    > under "Proprietary Rights in Site Content;
    > Limited License" states "..Such license is subject
    > to these Terms of Use and does not include use of
    > any data mining, robots or similar data gathering
    > or extraction methods. .."
    >
    > (X-post to c.l.j.p./h., w/ f-u to c.l.j.p. only)
    >
    > Andrew T.


    Right, I believe you contradict yourself, given that you double-posted
    this message! Okay, I'm sorry I broke the rules, will not happen
    again!

    Anyhow, I'm still wondering what I'm doing wrong here. Anyone know?
     
    , May 22, 2007
    #3
  4. wrote:
    >> On May 22, 12:18 pm, "" <>
    >> wrote:

    > <http://www.physci.org/codes/javafaq.html#xpost>

    ...
    >Right, I believe you contradict yourself, given that you double-posted
    >this message! ...


    It is known as a cross-post, or x-post, as was explained
    in the link* and noted in the final (very abbreviated) line
    of the post.

    * Please read the information at the other end of the link.

    --
    Andrew Thompson
    http://www.athompson.info/andrew/

    Message posted via JavaKB.com
    http://www.javakb.com/Uwe/Forums.aspx/java-general/200705/1
     
    Andrew Thompson, May 22, 2007
    #4
  5. Guest

    On May 22, 7:39 am, "Andrew Thompson" <u32984@uwe> wrote:
    > wrote:
    > >> On May 22, 12:18 pm, "" <>
    > >> wrote:

    > > <http://www.physci.org/codes/javafaq.html#xpost>

    > ..
    > >Right, I believe you contradict yourself, given that you double-posted
    > >this message! ...

    >
    > It is known as a cross-post, or x-post, as was explained
    > in the link* and noted in the final (very abbreviated) line
    > of the post.
    >
    > * Please read the information at the other end of the link.
    >
    > --
    > Andrew Thompsonhttp://www.athompson.info/andrew/
    >
    > Message posted via JavaKB.comhttp://www.javakb.com/Uwe/Forums.aspx/java-general/200705/1


    Much thanks, and again I am sorry I double posted.
     
    , May 22, 2007
    #5
  6. Lew Guest

    wrote:
    > Much thanks, and again I am sorry I double posted.


    "Double posted" is not the issue. "Multiposted" is the issue. You could've
    "crossposted" to reach multiple groups and that would allow everyone to follow
    all the answers instead of just some of them.

    The term "double posted" is not used.

    --
    Lew
     
    Lew, May 22, 2007
    #6
  7. Guest

    wrote:
    > Hey guys I'm writing a facebook bot program. Currently I am stuck at
    > the login screen. My approach was to take a password and convert it to
    > md5 along with the challenge parameter that you will notice if you go
    > to facebook's website. To give a better idea of this I'll show you
    > their login form:
    >
    > <form method="post" name="loginform" action="https://
    > login.facebook.com/login.php" onsubmit="quicklogin();"><input
    > type="hidden" name="challenge"
    > value="77950fc560a9109fe0b61bb70753cec5">
    > <input type="hidden" name="md5pass">
    > <label for="email">Email:</label>
    > <input type="hidden" name="noerror" value="1" />
    > <input class="inputtext" type="text" name="email"
    > value="" id="email" size="20" />
    > <label for="pass">Password:</label>
    > <input class="inputtext" type="password" name="pass" id="pass"
    > size="20" />
    > <input type="submit" value="Login" name="doquicklogin"
    > id="doquicklogin" onclick="this.disabled=true; this.form.submit();"
    > class="inputsubmit"/></form>
    >
    > And what I did was write a program to send the following:
    > challenge=3b409cf0906ebb3007e8dd1cac3343ae&md5pass=7ca980aefc6964c5a125e0c637194ca3&noerror=1&email=mbinder09%40choate.edu&pass=&doquicklogin=Login
    > And I am sending this data to: "https://login.facebook.com/login.php"
    > just like the action of the form suggests. Unfortunately this approach
    > does not work properly. I even cleared the password field if you note
    > I sent '&password=' which is required by the facebook JavaScript
    > method:
    > function hash(form, login_url) {
    > document.cookie = "test_cookie=1;domain=.facebook.com";
    > if (valid_js()) {
    > var challenge = form.challenge.value;
    > var hash2 = MD5(form.pass.value) + challenge;
    > var hash;
    > if (form.pass.value) {
    > hash = MD5(hash2);
    > } else {
    > hash = "";
    > }
    > form.md5pass.value = hash;
    > form.pass.value = "";
    > }
    > return true;
    > }
    >
    > note: valid_js() just checks to make sure that the agent is proper
    > which mine is. Im worried about the document.cookie thing..could that
    > be it?
    >
    > Any help is welcome! I am very new to web applications so don't assume
    > that your points will be repetitive given my lack of knowledge. Thanks!


    I think this is related to cookies. When I tell my bot to 'try and
    deal with cookies' it will just freeze once it submits the form. If i
    dont tell it to deal with cookies, facebook rejects my post
    immediatly. Anyone know why this is?
     
    , May 22, 2007
    #7
  8. Twisted Guest

    On May 22, 10:05 am, "" <>
    wrote:
    > I think this is related to cookies. When I tell my bot to 'try and
    > deal with cookies' it will just freeze once it submits the form. If i
    > dont tell it to deal with cookies, facebook rejects my post
    > immediatly. Anyone know why this is?


    Maybe because you're an evil spammer?

    It's one thing to use automation (within reason -- no excessive
    bandwidth use) to make use of a site more convenient, or for search or
    similar purposes (where existing search is inadequate, say).

    Automated submissions of comment postings and the like is another
    matter, and generally means you're spamming. Likewise automated
    account registrations and the like.

    (There are exceptions. Wikipedia lets users run bots with tight
    restrictions, to detect and revert obvious vandalism for instance, or
    to snap redirects, for example; this involves bots that automate
    editing or submitting content and not just browsing.)
     
    Twisted, May 23, 2007
    #8
  9. Oliver Wong Guest

    <> wrote in message
    news:...
    >
    > wrote:

    [something about a web bot]
    >
    > I think this is related to cookies. When I tell my bot to 'try and
    > deal with cookies' it will just freeze once it submits the form. If i
    > dont tell it to deal with cookies, facebook rejects my post
    > immediatly. Anyone know why this is?
    >


    I suspect it'd be easier to answer if you posted an SSCCE. 'try and
    deal with cookies' doesn't compile with my Java compiler.

    - Oliver
     
    Oliver Wong, May 23, 2007
    #9
  10. Guest

    On May 23, 4:17 pm, "Oliver Wong" <> wrote:
    > <> wrote in message
    >
    > news:...
    >
    > > wrote:

    >
    > [something about a web bot]
    >
    >
    >
    > > I think this is related to cookies. When I tell my bot to 'try and
    > > deal with cookies' it will just freeze once it submits the form. If i
    > > dont tell it to deal with cookies, facebook rejects my post
    > > immediatly. Anyone know why this is?

    >
    > I suspect it'd be easier to answer if you posted an SSCCE. 'try and
    > deal with cookies' doesn't compile with my Java compiler.
    >
    > - Oliver


    public void run()
    {

    try{
    //part one
    URL url = new URL("http://www.facebook.com/login.php");
    HttpURLConnection conn = (HttpURLConnection)url.openConnection();
    int c;
    conn.setDoInput(true);
    conn.setRequestMethod("GET");
    conn.setDoOutput(true);
    conn.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE
    7.0b; Windows NT 6.0)");
    conn.connect();
    System.out.println(conn.getContent());
    System.out.println(conn.getResponseMessage());
    System.out.println(conn.getHeaderField(0));
    InputStream is= conn.getInputStream();
    String output = "";
    int i = 1;
    do
    {
    i++;
    char x;
    c = is.read();
    x = (char)c;
    if (c!=1)
    output+= x;
    } while (c!=1 && i < 5000);
    System.out.println(output);
    data = output;

    System.out.println(getChallenge());
    conn.disconnect();

    //part two
    url = new URL("http://facebook.com/login.php");
    conn = (HttpURLConnection)url.openConnection();
    conn.setRequestMethod("POST");
    conn.setRequestProperty("Cookie", "test_cookie=1");
    conn.setRequestProperty("Connection-Type", "application/x-www-form-
    urlencoded");
    conn.setRequestProperty("Refferer", "http://facebook.com/
    login.php");

    @SuppressWarnings("unused")
    String email = URLEncoder.encode("email@host");
    String hashedpw = getMD5Hash("mypass");
    String challenge = getChallenge();
    String md5pw = getMD5Hash(hashedpw + challenge);
    String nextt = URLEncoder.encode("http://facebook.com/home.php");
    System.out.println("aok");
    String post = "challenge=" + challenge + "&noerror=1&next=" + nextt
    + "&login=Login&email=" + email + "&pass=&md5pass=" + md5pw;

    PrintWriter pout = new
    PrintWriter(new
    OutputStreamWriter(conn.getOutputStream(),"8859_1"),true);
    pout.print(post);
    System.out.println("whattt");
    pout.flush();
    System.out.println(conn.getResponseMessage());
    InputStream its = conn.getInputStream();
    i = 0;
    do
    {
    i++;
    char x;
    c = its.read();
    x = (char)c;
    if (c!=-1)System.out.print(x);
    } while (c!=-1 && i < 5000);



    } catch(Exception e){}

    }
     
    , May 23, 2007
    #10
  11. Oliver Wong Guest

    <> wrote in message
    news:...

    [...]
    > do
    > {
    > i++;
    > char x;
    > c = is.read();
    > x = (char)c;
    > if (c!=1)
    > output+= x;
    > } while (c!=1 && i < 5000);

    [...]

    Perhaps you mean to compare against -1 instead of 1?

    [...]
    > String hashedpw = getMD5Hash("mypass");
    > String challenge = getChallenge();
    > String md5pw = getMD5Hash(hashedpw + challenge);


    Since you didn't provide the getChallenge or getMD5Hash method, it's
    difficult to help you. I asked you for an SSCCE, not a code snippet.

    > String nextt = URLEncoder.encode("http://facebook.com/home.php");
    > System.out.println("aok");
    > String post = "challenge=" + challenge + "&noerror=1&next=" + nextt
    > + "&login=Login&email=" + email + "&pass=&md5pass=" + md5pw;
    >
    > PrintWriter pout = new
    > PrintWriter(new
    > OutputStreamWriter(conn.getOutputStream(),"8859_1"),true);


    You cannot write to a URLConnection if doOutput=false - call
    setDoOutput(true)

    [...]
    > } catch(Exception e){}


    When debugging a problem, don't silently swallow exceptions.

    - Oliver
     
    Oliver Wong, May 24, 2007
    #11
  12. Lew Guest

    Oliver Wong wrote:
    > <> wrote in message
    >> } catch(Exception e){}

    >
    > When debugging a problem, don't silently swallow exceptions.


    When running in production, don't silently swallow exceptions either.

    Log them using a logging library (java.util.logging, org.apache,log4j); set
    the output to the appropriate logging level (e.g., "DEBUG") to avoid runtime
    overhead when it isn't necessary.

    --
    Lew
     
    Lew, May 24, 2007
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott Allen
    Replies:
    4
    Views:
    1,066
    bruce barker
    Jan 14, 2005
  2. Lilian BRUN
    Replies:
    2
    Views:
    508
    Lilian BRUN
    Mar 5, 2005
  3. Nobody
    Replies:
    0
    Views:
    1,530
    Nobody
    Sep 21, 2005
  4. Nicola Larosa

    The snake bot

    Nicola Larosa, Aug 22, 2003, in forum: Python
    Replies:
    0
    Views:
    366
    Nicola Larosa
    Aug 22, 2003
  5. Dutt
    Replies:
    1
    Views:
    694
    Peter Bromberg [C# MVP]
    Feb 8, 2008
Loading...

Share This Page