Facebook bot

mfasoccer@gmail.com - 22 May 2007 03:18 GMT
Hey guys I'm writing a facebook bot program. Currently I am stuck at
the login screen. My approach was to take a password and convert it to
md5 along with the challenge parameter that you will notice if you go
to facebook's website. To give a better idea of this I'll show you
their login form:

<form method="post" name="loginform" action="https://login.facebook.com/login.php" onsubmit="quicklogin();">
<input type="hidden" name="challenge" value="77950fc560a9109fe0b61bb70753cec5">
<input type="hidden" name="md5pass">
<label for="email">Email:</label>
<input type="hidden" name="noerror" value="1" />
<input class="inputtext" type="text" name="email" value="mbinder09@choate.edu" id="email" size="20" />
<label for="pass">Password:</label>
<input class="inputtext" type="password" name="pass" id="pass" size="20" />
<input type="submit" value="Login" name="doquicklogin" id="doquicklogin" onclick="this.disabled=true; this.form.submit();" class="inputsubmit"/>
</form>

And what I did was write a program to send the following:
challenge=3b409cf0906ebb3007e8dd1cac3343ae&md5pass=7ca980aefc6964c5a125e0c637194ca3&noerror=1&email=mbinder09%40choate.edu&pass=&doquicklogin=Login
And I am sending this data to: "https://login.facebook.com/login.php"
just like the action of the form suggests. Unfortunately this approach
does not work properly. I even cleared the password field if you note
I sent '&password=' which is required by the facebook JavaScript
method:
   function hash(form, login_url) {
       document.cookie = "test_cookie=1;domain=.facebook.com";
       if (valid_js()) {
           var challenge = form.challenge.value;
           var hash2 = MD5(form.pass.value) + challenge;
           var hash;
           if (form.pass.value) {
               hash = MD5(hash2);
           } else {
               hash = "";
           }
           form.md5pass.value = hash;
           form.pass.value = "";
       }
       return true;
   }

Note: valid_js() just checks to make sure that the agent is proper,
which mine is. I'm worried about the document.cookie thing... could that
be it?

Any help is welcome! I am very new to web applications so don't assume
that your points will be repetitive given my lack of knowledge. Thanks!
Andrew Thompson - 22 May 2007 06:15 GMT
On May 22, 12:18 pm, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
wrote:
> Hey guys I'm writing a facebook bot program.

What a coincidence, there's somebody over
on c.l.j.help trying to do the same thing!
Oh.. that's you.  Please refrain from
multi-posting.
<http://www.physci.org/codes/javafaq.html#xpost>

As an aside, <http://www.facebook.com/terms.php>
under "Proprietary Rights in Site Content;
Limited License" states "..Such license is subject
to these Terms of Use and does not include use of
any data mining, robots or similar data gathering
or extraction methods. .."

(X-post to c.l.j.p./h., w/ f-u to c.l.j.p. only)

Andrew T.
mfasoccer@gmail.com - 22 May 2007 11:58 GMT
> On May 22, 12:18 pm, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
> wrote:
[quoted text clipped - 17 lines]
>
> Andrew T.

Right, I believe you contradict yourself, given that you double-posted
this message! Okay, I'm sorry I broke the rules, will not happen
again!

Anyhow, I'm still wondering what I'm doing wrong here. Anyone know?
Andrew Thompson - 22 May 2007 12:39 GMT
>> On May 22, 12:18 pm, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
>> wrote:
> <http://www.physci.org/codes/javafaq.html#xpost>
...
>Right, I believe you contradict yourself, given that you double-posted
>this message! ...

It is known as a cross-post, or x-post, as was explained
in the link* and noted in the final (very abbreviated) line
of the post.

* Please read the information at the other end of the link.

Signature

Andrew Thompson
http://www.athompson.info/andrew/

mfasoccer@gmail.com - 22 May 2007 13:53 GMT
> mfasoc...@gmail.com wrote:
> >> On May 22, 12:18 pm, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
[quoted text clipped - 14 lines]
>
> Message posted via JavaKB.comhttp://www.javakb.com/Uwe/Forums.aspx/java-general/200705/1

Much thanks, and again I am sorry I double posted.
Lew - 22 May 2007 14:18 GMT
> Much thanks, and again I am sorry I double posted.

"Double posted" is not the issue.  "Multiposted" is the issue.  You could've
"crossposted" to reach multiple groups and that would allow everyone to follow
all the answers instead of just some of them.

The term "double posted" is not used.

Signature

Lew

mfasoccer@gmail.com - 22 May 2007 15:05 GMT
> Hey guys I'm writing a facebook bot program. Currently I am stuck at
> the login screen. My approach was to take a password and convert it to
[quoted text clipped - 48 lines]
> Any help is welcome! I am very new to web applications so don't assume
> that your points will be repetitive given my lack of knowledge. Thanks!

I think this is related to cookies. When I tell my bot to 'try and
deal with cookies' it will just freeze once it submits the form. If I
don't tell it to deal with cookies, Facebook rejects my post
immediately. Anyone know why this is?
Twisted - 23 May 2007 01:25 GMT
On May 22, 10:05 am, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
wrote:
> I think this is related to cookies. When I tell my bot to 'try and
> deal with cookies' it will just freeze once it submits the form. If I
> don't tell it to deal with cookies, Facebook rejects my post
> immediately. Anyone know why this is?

Maybe because you're an evil spammer?

It's one thing to use automation (within reason -- no excessive
bandwidth use) to make use of a site more convenient, or for search or
similar purposes (where existing search is inadequate, say).

Automated submissions of comment postings and the like is another
matter, and generally means you're spamming. Likewise automated
account registrations and the like.

(There are exceptions. Wikipedia lets users run bots with tight
restrictions, to detect and revert obvious vandalism for instance, or
to snap redirects, for example; this involves bots that automate
editing or submitting content and not just browsing.)
mfasoccer@gmail.com - 23 May 2007 14:59 GMT
> On May 22, 10:05 am, "mfasoc...@gmail.com" <mfasoc...@gmail.com>
> wrote:
[quoted text clipped - 18 lines]
> to snap redirects, for example; this involves bots that automate
> editing or submitting content and not just browsing.)

No this is not for spam.
Oliver Wong - 23 May 2007 21:17 GMT
[something about a web bot]

> I think this is related to cookies. When I tell my bot to 'try and
> deal with cookies' it will just freeze once it submits the form. If I
> don't tell it to deal with cookies, Facebook rejects my post
> immediately. Anyone know why this is?

   I suspect it'd be easier to answer if you posted an SSCCE. 'try and
deal with cookies' doesn't compile with my Java compiler.

   - Oliver
mfasoccer@gmail.com - 23 May 2007 23:25 GMT
> <mfasoc...@gmail.com> wrote in message
>
[quoted text clipped - 13 lines]
>
>     - Oliver

    public void run()
    {

    try{
        //part one
        URL url = new URL("http://www.facebook.com/login.php");
        HttpURLConnection conn = (HttpURLConnection)url.openConnection();
        int c;
        conn.setDoInput(true);
        conn.setRequestMethod("GET");
        conn.setDoOutput(true);
        conn.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)");
        conn.connect();
        System.out.println(conn.getContent());
        System.out.println(conn.getResponseMessage());
        System.out.println(conn.getHeaderField(0));
        InputStream is= conn.getInputStream();
        String output = "";
        int i = 1;
        do
        {
            i++;
            char x;
            c = is.read();
            x = (char)c;
            if (c!=1)
                output+= x;
        } while (c!=1 && i < 5000);
        System.out.println(output);
        data = output;

        System.out.println(getChallenge());
        conn.disconnect();

        //part two
        url = new URL("http://facebook.com/login.php");
        conn = (HttpURLConnection)url.openConnection();
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Cookie", "test_cookie=1");
        conn.setRequestProperty("Connection-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Refferer", "http://facebook.com/login.php");

        @SuppressWarnings("unused")
        String email = URLEncoder.encode("email@host");
        String hashedpw = getMD5Hash("mypass");
        String challenge = getChallenge();
        String md5pw = getMD5Hash(hashedpw + challenge);
        String nextt = URLEncoder.encode("http://facebook.com/home.php");
        System.out.println("aok");
        String post = "challenge=" + challenge + "&noerror=1&next=" + nextt
                + "&login=Login&email=" + email + "&pass=&md5pass=" + md5pw;

        PrintWriter pout = new PrintWriter(
                new OutputStreamWriter(conn.getOutputStream(), "8859_1"), true);
        pout.print(post);
        System.out.println("whattt");
        pout.flush();
        System.out.println(conn.getResponseMessage());
        InputStream its = conn.getInputStream();
        i = 0;
        do
        {
            i++;
            char x;
            c = its.read();
            x = (char)c;
            if (c!=-1)System.out.print(x);
        } while (c!=-1 && i < 5000);

    } catch(Exception e){}

    }
Oliver Wong - 24 May 2007 15:52 GMT
[...]
> do
> {
[quoted text clipped - 5 lines]
> output+= x;
> } while (c!=1 && i < 5000);
[...]

Perhaps you mean to compare against -1 instead of 1?

[...]
> String hashedpw = getMD5Hash("mypass");
> String challenge = getChallenge();
> String md5pw = getMD5Hash(hashedpw + challenge);

Since you didn't provide the getChallenge or getMD5Hash method, it's
difficult to help you. I asked you for an SSCCE, not a code snippet.

> String nextt = URLEncoder.encode("http://facebook.com/home.php");
> System.out.println("aok");
[quoted text clipped - 4 lines]
>           PrintWriter(new
> OutputStreamWriter(conn.getOutputStream(),"8859_1"),true);

You cannot write to a URLConnection if doOutput=false - call
setDoOutput(true)

[...]
> } catch(Exception e){}

When debugging a problem, don't silently swallow exceptions.

   - Oliver
Lew - 24 May 2007 20:51 GMT
> <mfasoccer@gmail.com> wrote in message
>> } catch(Exception e){}
>
> When debugging a problem, don't silently swallow exceptions.

When running in production, don't silently swallow exceptions either.

Log them using a logging library (java.util.logging, org.apache.log4j); set
the output to the appropriate logging level (e.g., "DEBUG") to avoid runtime
overhead when it isn't necessary.

Signature

Lew
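
An added example, not code from any poster in this thread: it shows the two review points raised above, a read loop that tests for the -1 end-of-stream value and exceptions logged through java.util.logging instead of an empty catch block. The class name ReadAndLog, the helper names and both sample streams are constructed for illustration; java.util.logging's FINE level is used here in the role of a debug level.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ReadAndLog {
    private static final Logger LOG = Logger.getLogger(ReadAndLog.class.getName());

    /** Reads at most maxBytes; InputStream.read() returns -1 at end of stream. */
    static String readUpTo(InputStream in, int maxBytes) throws IOException {
        StringBuilder out = new StringBuilder();
        int c;
        int count = 0;
        while (count < maxBytes && (c = in.read()) != -1) {
            out.append((char) c); // one byte per char, i.e. ISO-8859-1
            count++;
        }
        return out.toString();
    }

    /** Constructed stand-in for a connection that fails part-way through. */
    static InputStream failingStream() {
        return new InputStream() {
            private int served = 0;
            @Override public int read() throws IOException {
                if (served++ < 3) return 'x';
                throw new IOException("constructed failure: connection reset");
            }
        };
    }

    public static void main(String[] args) {
        // Constructed sample body, so no network access is needed.
        byte[] body = "<input type=\"hidden\" name=\"noerror\" value=\"1\" />"
                .getBytes(StandardCharsets.ISO_8859_1);
        try (InputStream in = new ByteArrayInputStream(body)) {
            String text = readUpTo(in, 5000);
            // FINE is below the default INFO threshold, so this costs little in production.
            LOG.log(Level.FINE, "read {0} characters", text.length());
            System.out.println(text);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "reading sample body failed", e);
        }
        try (InputStream in = failingStream()) {
            readUpTo(in, 5000);
        } catch (IOException e) {
            // Logged with its stack trace rather than swallowed.
            LOG.log(Level.WARNING, "read failed after partial data", e);
        }
    }
}
```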




©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.