Utility FBHiddenFriends
Utility is based on feature „Mutual Friends“ on Facebook. This feature can be used to discover shared friends (without limits of setting public/private) from two different profiles. Especially can be used to reconstruct part of private Friends List of any Facebook user. More detailed description including the original python script is to see on http://blog.cyberint.com/2014/05/facebook-hidden-friends-vulnerability.html
Utility doesn’t need any installation. It uses to work installed Firefox Browser (tested on version 29.0.1) and .Net Framework 4 (Windows 7 or newer). Application is started by run FB_hidden_friends.exe.
Description of Application in Eight steps
1. Facebook username and password to login with
2. Target profile
3. Set of profiles for initialization run
4. Parameters to setup output files
5. Button to start algorithm
6. List of discovered profiles
7. Actual count of discovered profiles and profiles to process
8. Button to load settings (part 1, 2 and 3) from file
1. step - Facebook username and password to login with
Application needs to run a valid account on Facebook. Use login information to set Facebook info inputs (part 1 of description)
2. step - Target profile
Application needs to run any target profile. Set it in target input (part 2 of description)
3. step - Set of profiles for initialization run
Application finds mutual friends recursive and needs set initialization set of potential profiles. This set is made by list of profiles (one profile to each line – part 3. of description)
4. step - Button to load settings (part 1, 2 and 3) form file (part 8 of description)
Steps 1. - 3. can be read from configure file. This configure file is simply text file in format:
Login=<facebook login>
Password=<facebook password>
Target= <target>
<init profile #1>
<init profile #2>
<init profile #3>
5. step - Set parameters to setup output files (part 4 of description)
Default results of application are list of discovered profiles in simple text file (file <target>_friend_list.txt in directory output or in form of application part 6. of description) and list of discovered relations between discovered profiles (<target_friend_relate.csv in directory output)
Checkbox „get friend from public profile“ can be used to find initial set of profiles from public target profile.
Checkbox „save temporary files“ can be used to save some temporary files (source of page in html file in directory temp\<target>\html and printscreen of browser in directory temp\<target>\png).
Checkbox „get additional files” can be used to save profile photo in directory bonus\<target>\profile_photo.
6. step - Button to start algorithm (part 5 of description)
Finally this button starts algorithm. Application runs new instance of Firefox browser. In next steps it tries to login on Facebook and runs recursive fetch target plus profile to work, then is finding their mutual friends, setting new profiles to work, writing temporary results… etc.
7. step - Running application (part 7 of description)
Current state of algorithm can be control on main application form (you see actual count of discovered profiles and amount of set profiles to process) or on temporary output files.
8. step - Results of discovered profiles (part 6 of description)
After end of algorithm (Number of profiles for processing is zero) all results are in working directory of application in directories output, temp (if checked save temporary files) and bonus (if checked get additional files).
Example of running application:
Example of results:
Directory output:
Directory temp:
Directory bonus: