facebook

[mfasoccer]

Hey guys I'm writing a facebook bot program. Currently I am stuck at
the login screen. My approach was to take a password and convert it to
md5 along with the challenge parameter that you will notice if you go
to facebook's website. To give a better idea of this I'll show you
their login form:

<form method="post" name="loginform" action="https://
login.facebook.com/login.php" onsubmit="quicklogin();"><input
type="hidden" name="challenge"
value="77950fc560a9109fe0b61bb70753cec5">
<input type="hidden" name="md5pass">
<label for="email">Email:</label>
<input type="hidden" name="noerror" value="1" />
<input class="inputtext" type="text" name="email"
value="(e-mail address removed)" id="email" size="20" />
<label for="pass">Password:</label>
<input class="inputtext" type="password" name="pass" id="pass"
size="20" />
<input type="submit" value="Login" name="doquicklogin"
id="doquicklogin" onclick="this.disabled=true; this.form.submit();"
class="inputsubmit"/></form>

And what I did was write a program to send the following:
challenge=3b409cf0906ebb3007e8dd1cac3343ae&md5pass=7ca980aefc6964c5a125e0c637194ca3&noerror=1&email=mbinder09%40choate.edu&pass=&doquicklogin=Login
And I am sending this data to: "https://login.facebook.com/login.php"
just like the action of the form suggests. Unfortunately this approach
does not work properly. I even cleared the password field if you note
I sent '&password=' which is required by the facebook JavaScript
method:
function hash(form, login_url) {
document.cookie = "test_cookie=1;domain=.facebook.com";
if (valid_js()) {
var challenge = form.challenge.value;
var hash2 = MD5(form.pass.value) + challenge;
var hash;
if (form.pass.value) {
hash = MD5(hash2);
} else {
hash = "";
}
form.md5pass.value = hash;
form.pass.value = "";
}
return true;
}

note: valid_js() just checks to make sure that the agent is proper
which mine is. Im worried about the document.cookie thing..could that
be it?

Any help is welcome! I am very new to web applications so don't assume
that your points will be repetitive given my lack of knowledge. Thanks!

 

[Alf P. Steinbach]

* (e-mail address removed):

[off-topic]

Please read the FAQ before posting (you might also just check the name
of the group to see whether it could have any connection with your problem).

 

[Bart Simpson]

* (e-mail address removed):

[off-topic]

Please read the FAQ before posting (you might also just check the name
of the group to see whether it could have any connection with your problem).

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

you people are always just so helpful on these groups!!! not! To be
honest, I'll bet 99% of all usenet posts consist of people quoting
'good posting form' and other such bs!!! get a life!!! these groups
are for the exchange of information, yal make me sick with your
arrogant 'FAQS.' Sorry but I'm sure it says somewhere in that 'FAQ'
that you shouldn't post off-topic stuff. Well, someone isn't
practicing what they teach. Get a life pal.

wtf ???!

 

[mfasoccer]

* (e-mail address removed):

[off-topic]

Please read the FAQ before posting (you might also just check the name
of the group to see whether it could have any connection with your problem).

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

you people are always just so helpful on these groups!!! not! To be
honest, I'll bet 99% of all usenet posts consist of people quoting
'good posting form' and other such bs!!! get a life!!! these groups
are for the exchange of information, yal make me sick with your
arrogant 'FAQS.' Sorry but I'm sure it says somewhere in that 'FAQ'
that you shouldn't post off-topic stuff. Well, someone isn't
practicing what they teach. Get a life pal.