
Hello everyone, thanks for coming. This is Jenna, and we present "Hijacking 100 Facebook accounts per day from internet searches". This is how it works. Disclaimer: well, this is about how we found a vulnerability within the Facebook mobile application. We will talk about how it works, a basic proof of concept, the problem we have exploited, how it was already remediated and how we solved it. Also, we were paid because we reported it through the Facebook bug bounty program, and we will cover the remediation they implemented. This is our first research; we love to learn interesting things and break things.

Well, first of all, the vulnerability we found was related to the Instant Articles functionality. This functionality basically lets you consume media content directly within the Facebook mobile application without opening, for instance, a browser; you can directly check news and whatever is shared on the Facebook mobile application. This functionality allows you to view the content, share it, copy it, paste the link and so on. So we found a session hijacking vulnerability in this functionality, and we informed Facebook in May 2016 about this problem through the bug bounty program.

How it works: with a couple of links shared from the Facebook mobile application. This vulnerability is caused by the lack of proper protection of the automatically generated shortened URLs from Facebook Instant Articles. We made a little proof of concept; this is basically how it works. A legitimate user is using his mobile Facebook application. He finds a content, a media content that he loves, and he wants to share it, so he clicks on the share button and copies the link. He can share it through any other media, for instance WhatsApp; in this case we made one. What happens is that the people receiving this link can open it, and the browser automatically asks the user to initiate a session as the first user, the one who initially shared the link. This happens because of the auto-login functionality: the browser thinks that you are opening the link within your own session, so the browser asks, then you click on OK and you get a session in the browser as the first user that initially shared the link, and then you are in.
OK, let's play the video. [video] We found that the vulnerability is not always present when sharing from the Facebook mobile application; however, once you know how these shortened links were constructed (and this is the structure of the link, you can see the keys, including the session key), the question was: what about Facebook accounts of other people? Searching in Google, it was possible to see that it was quite common to share on the internet links that can be used to steal the session from Facebook accounts. These are some of these links we found in the past six months. Well, what we did was to search this kind of link with the PHP URL structure, and we found a lot of them basically by searching in Google, but the problem was that they were too old; some of them, a lot of them, didn't work anymore. However, we found another solution: the solution was real-time search on Twitter, around 130 a day.

It's worth mentioning that not all of those links were necessarily valid; some of them could work, some of them didn't. However, since you can find thousands of links shared every day, you can find a lot that are actually valid, so from there you could impersonate any Facebook account whose shared link was valid, and now the first person's session
always works. In this video we can see how to perform this real-time search using Twitter, with the specific link structure we had from the link, and we can observe that there are a lot of links that are shared within 13 hours or so. A lot of these accounts are linked with their Facebook account, so when they share anything on the Facebook application it is automatically shared also on Twitter. Right now, if you search this one, you can see many of this kind; the structure is still used, we will see why in a few minutes. This video is of the real world, and this is an example of an account that was actually exploited with this research.

Here we look for a link that is shared by this person. Also we found that these kinds of links obviously were shared by any kind of people: politicians, students, professors, whatever, so any people around the world could be targeted by using this kind of link. And there we need to clear our cache, because that one was tested before.
We refresh the page and the browser asks to log in as the legitimate user. We click on OK, it opens the media content, and then we just browse to Facebook and the session is already loaded in the browser, and we obtain the session of this person, or of any person we do not know.
The funny part: 3,000 bucks. As we said previously, we informed Facebook through the Facebook bug bounty program; they paid us and they closed the ticket, and of course they implemented a remediation. The remediation: in the URL shortener they changed the logic and added a redirection of the URL; it was implemented in the PHP endpoint, and so it is no longer possible to steal the session with them. It is still possible to find these kinds of links on Twitter, Google, wherever; however, it is no longer possible to abuse the auto-login functionality because a redirection is implemented immediately, so you access the media content without being asked first if you want to log in as the initial user that shared the content. So for instance we open this link; this is a shortened link, it is still present out there, however the browser doesn't ask us anymore to log in; it opens the media content instead of asking to log in.

Still the same,
and open to continue. So, since the links are still present out there, what's next? We found that this vulnerability could be present also in other kinds of links; for instance, we found these kinds of links that contain an "SSL request" value. These links we found are actually vulnerable; however, it was a little more complicated to replicate the issue with these links. The problem is that the expiration time is really, really short, so you can test these links but they only work for, I don't know, 15 minutes, half an hour; you need to find links that are shared like right now and abuse them, so it is necessary, for instance, to automate this search and find links that are shared like immediately. We have another video with these links and how they are also exploitable; basically the searches, also you can use Twitter or wherever, and as I said the problem is the expiration time. So although you can find many of these vulnerable links, lots of them are, you know, not valid like this one because the expiration time is reached, as you can see. And this is a proof of concept of the vulnerability and how to exploit it with this new kind of link.

First we go to Facebook and we can see there is no account logged in in the browser. Then we go back to the mobile Facebook application and find this kind of link. When opening this kind of link, the browser again asks us to log in. This is the structure of the link: the application creates a shortened link that contains these variables that can be abused. So once it is opened we get redirected to the media content; however, the browser already asked you to log in as the user that initially shared the link. Then you just have to browse to Facebook again in the browser and you got the session. What did you use again?
Using the same link that was shared like two minutes ago, it is no longer valid. So this is the problem with this vulnerability: to test it and to abuse it in mass like the other one. However, it is vulnerable, so what next? We have to play a little bit with these kinds of links, tampering with the values and seeing what happens. And they were, well, actually they told us there is no problem with sharing this; this second proof of concept is not fixed right now, only the first one, with limitations. However, they have like a minimum amount to pay through the bounty program, and depending on the kind of vulnerability they pay, so this kind of vulnerability, it is not easy to replicate, so even for them it was a problem. We worked a little bit with them in order to replicate the issue and to let them see how vulnerable it was, so this is likely the top amount they could give us.

Also, this was discovered in our free time by searching, yeah, but to have fun with other people, yeah, actually. You only need to find content shared through this kind of link: "Hey, look at this, can you send me the link?" Yeah. Thank you very much.