SlideShare une entreprise Scribd logo

Easy Way To Make Facebook Account Backdoor Without Scripting

Télécharger en tant que PPTX, PDF
Budi Khoirudin
Budi Khoirudin

Explanation About How To Make Facebook Account Backdoor Using API

Technologie
1  sur  13
Easy Way To Make Facebook Account Backdoor Without Scripting Presented By Budi Khoirudin feedback@khoirudin.com http://budi.khoirudin.com/
About Me Hello My Name is Budi Khoirudin. I’m a IT Security Enthusiast's, IT Developer, Speaker, etc ... Now I’m Working as Web Developer in a Enterprise Corporation Project Freelancer
Knocking On Facebook Don’t be a kiddies forever, You must be know how it works!
Facebook Application (Reference: https://www.facebook.com/help?page=1095)
Facebook Application Authentication Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you need to call the Graph API from your web server. The client-side flow is used when you need to make calls to the Graph API from a client, such as JavaScript running in a Web browser or from a native mobile or desktop app. (Reference: https://developers.facebook.com/docs/authentication/)
Graph API (Reference: https://developers.facebook.com/docs/reference/api/)
Graph API Permissions (Reference: https://developers.facebook.com/docs/reference/api/permissions/)
Graph API Explorer (Reference: https://developers.facebook.com/tools/explorer)
Let’s Beat Them! …Proof Of Concept.
Facebook Account Backdoor (Request Permissions) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream,offline_access,publish_stream
Facebook Account Backdoor (Act As Vendor) https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=CLIENT_CREDENTIALS
Facebook Account Backdoor(Act As User) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&response_type=token
Any Questions? ...Ask To Me “Backdoorku Menghantuimu!”

Recommandé

How i hacked programer computer
How i hacked programer computerHow i hacked programer computer
How i hacked programer computer
Budi Khoirudin
 
Facebook API in the Real World - Myles Noton - Miniclip
Facebook API in the Real World - Myles Noton - MiniclipFacebook API in the Real World - Myles Noton - Miniclip
Facebook API in the Real World - Myles Noton - Miniclip
Myles Noton
 
OAuth Introduction
OAuth IntroductionOAuth Introduction
OAuth Introduction
h_marvin
 
Facebook api
Facebook api Facebook api
Facebook api
snipermkd
 
Samsung Mobile Phone Codes
Samsung Mobile Phone CodesSamsung Mobile Phone Codes
Samsung Mobile Phone Codes
Lenny Henningham
 
Facebook SSO.docx
Facebook SSO.docxFacebook SSO.docx
Facebook SSO.docx
ehathis
 
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NETVirtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Krishna T
 
DevCon 2010 - Facebook Apps development for ASP.NET devs
DevCon 2010 - Facebook Apps development for ASP.NET devsDevCon 2010 - Facebook Apps development for ASP.NET devs
DevCon 2010 - Facebook Apps development for ASP.NET devs
Krishna T
 

Recommandé

How i hacked programer computer
How i hacked programer computerHow i hacked programer computer
How i hacked programer computer
Budi Khoirudin
 
Facebook API in the Real World - Myles Noton - Miniclip
Facebook API in the Real World - Myles Noton - MiniclipFacebook API in the Real World - Myles Noton - Miniclip
Facebook API in the Real World - Myles Noton - Miniclip
Myles Noton
 
OAuth Introduction
OAuth IntroductionOAuth Introduction
OAuth Introduction
h_marvin
 
Facebook api
Facebook api Facebook api
Facebook api
snipermkd
 
Samsung Mobile Phone Codes
Samsung Mobile Phone CodesSamsung Mobile Phone Codes
Samsung Mobile Phone Codes
Lenny Henningham
 
Facebook SSO.docx
Facebook SSO.docxFacebook SSO.docx
Facebook SSO.docx
ehathis
 
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NETVirtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Virtual Tech Days 2010 - Integrating Social Networks with ASP.NET
Krishna T
 
DevCon 2010 - Facebook Apps development for ASP.NET devs
DevCon 2010 - Facebook Apps development for ASP.NET devsDevCon 2010 - Facebook Apps development for ASP.NET devs
DevCon 2010 - Facebook Apps development for ASP.NET devs
Krishna T
 
Leveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook AppsLeveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook Apps
David Keener
 
Download PowerPoint Project on social programming for engineering students
Download PowerPoint Project on social programming for engineering studentsDownload PowerPoint Project on social programming for engineering students
Download PowerPoint Project on social programming for engineering students
SkyingBlogger
 
Facebook Connect
Facebook ConnectFacebook Connect
Facebook Connect
Pitra Satvika
 
Implementing open authentication_in_your_app
Implementing open authentication_in_your_appImplementing open authentication_in_your_app
Implementing open authentication_in_your_app
Nuhil Mehdy
 
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
Andri Yadi
 
Alexa vs Google Assistant - Comparison
Alexa vs Google Assistant - ComparisonAlexa vs Google Assistant - Comparison
Alexa vs Google Assistant - Comparison
Tarun Chawdhury
 
Resume
ResumeResume
Resume
Bhim Kumar
 
Interactive with-facebook
Interactive with-facebookInteractive with-facebook
Interactive with-facebook
Tien Nguyen
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
Manoj Mittal
 
End to End Security with MVC and Web API
End to End Security with MVC and Web APIEnd to End Security with MVC and Web API
End to End Security with MVC and Web API
Michele Leroux Bustamante
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
Ajit Dadresa
 
Mkp resume.docx
Mkp resume.docxMkp resume.docx
Mkp resume.docx
Mithilesh Kumar
 
How to create Zoom Meet with Pega
How to create Zoom Meet with PegaHow to create Zoom Meet with Pega
How to create Zoom Meet with Pega
SamuelJude1
 
Intro to Bot Framework v3
Intro to Bot Framework v3Intro to Bot Framework v3
Intro to Bot Framework v3
Shahed Chowdhuri
 
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionFacebook Login & Open Graph Introduction
Facebook Login & Open Graph Introduction
Eric Ping
 
What's New on the Facebook Platform, July 2011
What's New on the Facebook Platform, July 2011What's New on the Facebook Platform, July 2011
What's New on the Facebook Platform, July 2011
Iskandar Najmuddin
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
Sanjeet Pandey
 
Php day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebookPhp day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebook
Quang Anh Le
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
Jorgen Thelin
 
SharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning ModelsSharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning Models
Shailen Sukul
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
 

Contenu connexe

Similaire à Easy Way To Make Facebook Account Backdoor Without Scripting

Php day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebookPhp day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebook
Quang Anh Le
 

Similaire à Easy Way To Make Facebook Account Backdoor Without Scripting (20)

Leveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook AppsLeveraging Rails to Build Facebook Apps
Leveraging Rails to Build Facebook Apps
 
Download PowerPoint Project on social programming for engineering students
Download PowerPoint Project on social programming for engineering studentsDownload PowerPoint Project on social programming for engineering students
Download PowerPoint Project on social programming for engineering students
 
Facebook Connect
Facebook ConnectFacebook Connect
Facebook Connect
 
Implementing open authentication_in_your_app
Implementing open authentication_in_your_appImplementing open authentication_in_your_app
Implementing open authentication_in_your_app
 
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)End-to-end Mobile App Development (with iOS and Azure Mobile Services)
End-to-end Mobile App Development (with iOS and Azure Mobile Services)
 
Alexa vs Google Assistant - Comparison
Alexa vs Google Assistant - ComparisonAlexa vs Google Assistant - Comparison
Alexa vs Google Assistant - Comparison
 
Resume
ResumeResume
Resume
 
Interactive with-facebook
Interactive with-facebookInteractive with-facebook
Interactive with-facebook
 
Microsoft identity manoj mittal
Microsoft identity manoj mittalMicrosoft identity manoj mittal
Microsoft identity manoj mittal
 
End to End Security with MVC and Web API
End to End Security with MVC and Web APIEnd to End Security with MVC and Web API
End to End Security with MVC and Web API
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
 
Mkp resume.docx
Mkp resume.docxMkp resume.docx
Mkp resume.docx
 
How to create Zoom Meet with Pega
How to create Zoom Meet with PegaHow to create Zoom Meet with Pega
How to create Zoom Meet with Pega
 
Intro to Bot Framework v3
Intro to Bot Framework v3Intro to Bot Framework v3
Intro to Bot Framework v3
 
Facebook Login & Open Graph Introduction
Facebook Login & Open Graph IntroductionFacebook Login & Open Graph Introduction
Facebook Login & Open Graph Introduction
 
What's New on the Facebook Platform, July 2011
What's New on the Facebook Platform, July 2011What's New on the Facebook Platform, July 2011
What's New on the Facebook Platform, July 2011
 
Integrate facebook using mule esb
Integrate facebook using mule esbIntegrate facebook using mule esb
Integrate facebook using mule esb
 
Php day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebookPhp day 2011 - Interactive-with-facebook
Php day 2011 - Interactive-with-facebook
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
 
SharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning ModelsSharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning Models
 

Dernier

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Easy Way To Make Facebook Account Backdoor Without Scripting

  • 1. Easy Way To Make Facebook Account Backdoor Without Scripting Presented By Budi Khoirudin feedback@khoirudin.com http://budi.khoirudin.com/
  • 2. About Me Hello My Name is Budi Khoirudin. I’m a IT Security Enthusiast's, IT Developer, Speaker, etc ... Now I’m Working as Web Developer in a Enterprise Corporation Project Freelancer
  • 3. Knocking On Facebook Don’t be a kiddies forever, You must be know how it works!
  • 4. Facebook Application (Reference: https://www.facebook.com/help?page=1095)
  • 5. Facebook Application Authentication Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you need to call the Graph API from your web server. The client-side flow is used when you need to make calls to the Graph API from a client, such as JavaScript running in a Web browser or from a native mobile or desktop app. (Reference: https://developers.facebook.com/docs/authentication/)
  • 6. Graph API (Reference: https://developers.facebook.com/docs/reference/api/)
  • 7. Graph API Permissions (Reference: https://developers.facebook.com/docs/reference/api/permissions/)
  • 8. Graph API Explorer (Reference: https://developers.facebook.com/tools/explorer)
  • 9. Let’s Beat Them! …Proof Of Concept.
  • 10. Facebook Account Backdoor (Request Permissions) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream,offline_access,publish_stream
  • 11. Facebook Account Backdoor (Act As Vendor) https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=CLIENT_CREDENTIALS
  • 12. Facebook Account Backdoor(Act As User) https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&response_type=token
  • 13. Any Questions? ...Ask To Me “Backdoorku Menghantuimu!”