![]() ![]() Line 4, 23, 24 and 31 are relative to who sent the message and to whom. In particular, line 20, the "body" parameter which is set to "test", exactly our message! That makes a lot of parameters, but actually only a few interests us. _dyn=7AmajEzUGByA5Q9UoGya4A5ER6yUmyUyGiyEyfirWo8popyui9zob4q68K5U4e2O3J1ebkwy8wGFeex3BKuEjKeCwxxRa3CnDBxe6rxCLGqu2PxOcxu5ocE88C9z9oybx24o9Esw Message_batch=ma-type:user-generated-message Here's the https request that my browser made.Īs you can see, for a question of privacy I obfuscated the user ids. I open and login then I send a message "test". I open my browser (Firefox) and launch a plugin called "Live HTTPS headers" that logs all https requests my browser makes. So rather than trying to execute the js code or understand it, we make our own code, that works in the way we want it. To do that we completely forget what our browser is doing and only look at the https request sent to Facebook and the response and we try to guess how they were generated. The problem with this thechnique is that it makes a big dependency and it does way more than we need, we only need to send and receive specifique https responses and know how to generate/decode them. Now a theoretical way our program could do that would be to simulate the whole browser, html parser, js code interpreter etc. When the you go to Facebook's login page you receive an html page and some js scripts, when you enter your identifiant and hit enter the scripts generate data to send to the server to make https request to establish a connection. The idea is that if your browser can connect to Faceboos and send messages, then your program can too, as the browser is just another program. Since there was no official API I had to create my own. They still had a service to read the inbox but they put it down too, exactly one year later on Ap1. It turns out that they had an XMPP API that they shot down on Ap1. It should be easy, right? Facebook must have an API for sending and receiving messages, surely they have something like a REST API? Well… No. I was swapping between a conversation on IRC and one on Facebook when an idea struck me, how cool would it be to have those bots functionalitys directly in Facebook's chat? And even better, how about reading and writting Facebook's messages in IRC chat or reading and writing IRC's messages on Facebook? Awesome! Why "Unofficial"? If you followed my previous post you may know that I tend to go on IRC and that we have there some pretty cool bots. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |