How I was able to take over Facebook users' accounts using Windows Phone's Facebook Messenger


So back in April I found a way to take over, for the next 24 hours, the Facebook account of anyone who had a Windows Phone with Facebook Messenger installed on it, but if and only if I had access to the target's phone for a maximum of 5-10 seconds.

So now let me tell you how I was able to do it.

Back then, Windows Phone's Facebook Messenger had a feature: if a user was logged in to Messenger and tapped on any of his/her friends' names [image: http://imgur.com/1qcpRBV], a link was generated with authentication tokens, and that link automatically opened in the browser.

What are that link and those authentication tokens all about?
The link basically opens the friend's profile in the browser with no login. The victim's account is automatically logged in because of those authentication tokens.



So all I had to do was copy that link from the browser and send it to "me" using the victim's phone.

The generated link was like this: https://m.facebook.com/auth.php?api_key=192652190921494&session_key=5.gl1MErFcceSq9g.1397237931.83-100007436133692&t=1397239640&uid=100007436133692&url=https%3A%2F%2Fm.facebook.com%2F100007507324138&sig=b28c08420bc3f8dd8580c25784afd1d2

It's now fixed. 
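An added example, not part of the original post: a Python sketch a defender could run over browser-history or proxy-log lines to flag links of the shape shown above, where the query string alone carries the session, and to redact them before they are stored or shared. Treating `session_key` and `sig` as the credential-bearing parameters is an assumption based on the parameter names in the link; the host and all sample values are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: these parameters carry the session; chosen from the names in the link.
CREDENTIAL_PARAMS = {"session_key", "sig"}
URL_RE = re.compile(r"https?://\S+")

# Constructed sample lines (not real tokens); the first mimics the link's shape,
# including the '&amp%3B' separator mangling that copied links can pick up.
SAMPLE_LINES = [
    "10:01 GET https://m.example.test/auth.php?api_key=111&amp%3Bsession_key="
    "5.CONSTRUCTED.1700000000.1-42&amp%3Bt=1700000100&amp%3Buid=42"
    "&amp%3Burl=https%3A%2F%2Fm.example.test%2F43&amp%3Bsig=" + "0" * 32,
    "10:02 GET https://m.example.test/profile?id=43",
]

def audit_url(url):
    """Return (credential parameter names found, redacted URL safe to log)."""
    parts = urlsplit(url)
    query = parts.query.replace("&amp%3B", "&").replace("&amp;", "&")
    params = parse_qsl(query, keep_blank_values=True)
    found = sorted({k for k, _ in params if k in CREDENTIAL_PARAMS})
    redacted = [(k, "REDACTED" if k in CREDENTIAL_PARAMS else v) for k, v in params]
    return found, urlunsplit(parts._replace(query=urlencode(redacted)))

def scan(lines):
    """Redact every URL in the lines; report which lines held bearer-style links."""
    hits, clean = [], []
    for number, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            found, safe = audit_url(url)
            if found:
                hits.append((number, found))
            line = line.replace(url, safe)
        clean.append(line)
    return hits, clean

if __name__ == "__main__":
    hits, clean = scan(SAMPLE_LINES)
    print(hits)
    print("\n".join(clean))
```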
