Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

11 Nov 2014, 21 comments

Facebook API login flow for desktop application

When developing desktop applications that interact with Facebook, you have to implement the login flow yourself. After the login flow completes, you can use the normal Facebook SDK libraries by supplying them with the access token you received. When implementing the login flow, you have to make sure that you actually received the access you requested: the user can approve only part of the request, leaving you without some of the scopes you need. In this example I have implemented the Facebook login flow in a C# .NET desktop application. Full source is available for download.

2 Oct 2014, 0 comments

Facebook Like vs Follow

Facebook like button, follow button, like boxes, fan pages and applications: which one should you use and why? For blog SEO, social media is important both for letting users share your content and for informing your readers about new posts. Facebook has made a lot of changes since it first introduced the like button. In this article I will try to explain how it all works.

26 Jun 2012, 0 comments

Facebook login open to enumeration

The error message above is in Swedish, the short version: "The e-mail address you entered isn't connected to any account in our system." So instead of telling me that my username / password combo was unsuccessful, they actually help me with half the problem. If they had only told me that the username and password combo was bad, I wouldn't know if I had the correct e-mail address for the account I'm interested in. So I will just try the different e-mail addresses I know of my intended target with some bullshit password until I get a "wrong password" error, and then I know what e-mail they use. Really not good, Facebook!

26 Oct 2010, 0 comments

Hacking Facebook, Twitter and more…

No one has missed the release of Firesheep, I hope. The new easy way to hack your way into other people's accounts on Facebook, Twitter, WordPress, Flickr, Google and more. The exploit is a plugin for Firefox that captures network traffic and intercepts the session cookies from the sites. This isn't new to anyone, but it's the way it's implemented that is nice and will get people moving to fix their broken sites. If you can't scale up your service safely with SSL, you shouldn't scale up at all. Once you have installed the plugin in Firefox, just hit "Start Capturing", and whenever it finds a service cookie it will pop up with the username and picture.

It's been announced that this is an exploit for unprotected wireless networks, but that isn't entirely true. If you use a simple man-in-the-middle attack, you can capture the traffic on a wired network you have access to at your school or at your workplace. There are simple ways of doing this.

  1. Download Cain & Abel and install it! (http://www.oxid.it/cain.html)
  2. Download WinPcap and install it! (http://www.winpcap.org/install/default.htm)
  3. Download Firesheep and install it; if your browser saves it as a .zip file, rename it to .xpi. Then just open the Firefox menu "Tools" -> "Add-ons" and drag-and-drop the file into the window. (http://github.com/codebutler/firesheep/downloads)
  4. Read this how-to and do a man-in-the-middle attack on your current network. (http://skateass.com/wordpress/cain-arp-poisoning-cracking-and-sniffing-passwords-and-packets/)
  5. Start Firefox, go to "View" -> "Sidebar" -> "Firesheep", then hit "Start Capturing". Now all the sessions created to the sites will be at your disposal.

You can even create custom site profiles in Firesheep and capture services other than the ones already in there.

What else do you want to read about? Please hit me with some comments!