A cross-platform Java based Facebook profile dumper, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder. Usage

A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info. Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, ...etc) for offline examining. After a a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late!

Disclaimer

This project is a PoC. Use it on your own risk and please do not abuse!
Project Team

Owner:


  • Saafan is a senior information security analyst and the technical team lead of Raya IT Security Services Team (RISST). He is the founder of RISST’s application security division, specialized in software security and advanced penetration testing.

Core Developers



Link: fbpwn - A cross-platform Java based Facebook profile dumper - Google Project Hosting
Code: http://fbpwn.googlecode.com/files/FBPwn-beta-0.1.4.zip

@firebitsbr