How I was able to take over Facebook users' accounts using Windows Phone's Facebook Messenger

So back in April I found a way to take over anyone's Facebook account for the next 24 hours, provided they had a Windows Phone with Facebook Messenger installed on it, but if and only if I had access to the target's phone for a maximum of 5-10 seconds.

So now let me tell you how I was able to do it.

Back then, Windows Phone's Facebook Messenger had a feature where, if a user was logged in to Messenger and tapped on any of his/her friends' names, a link was generated containing authentication tokens, and that link automatically opened in the browser.

What are that link and those authentication tokens all about?
That link basically opens his/her friend's profile in the browser with no login. The victim's account is logged in automatically because of those authentication tokens.

So all I had to do was copy that link from the browser and send it to "me" using the victim's phone.
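The mechanism above, a reusable token carried in a URL that the app hands to the browser, is easier to reason about in code. The following is an added example and is not the Messenger app's or Facebook's code: it simulates a hypothetical link-login service in two configurations and shows that a link copied from the victim's browser is replayed successfully an hour later when the token stays valid and reusable for 24 hours, but is rejected when the token is single-use and short-lived. The service name, the `example.invalid` URL, the `access_token` parameter name and the clock values are all assumptions made for the illustration.

```python
"""Added illustration (not the Messenger app's code) of why a long-lived,
reusable auth token embedded in an auto-opened URL turns a few seconds of
physical access into a 24-hour account takeover, and how a single-use,
short-lived token bounds the damage. All names, URLs, parameter names and
timestamps below are hypothetical / constructed."""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class LinkLoginService:
    """Toy server side of a 'open friend's profile in the browser' link."""

    def __init__(self, ttl_seconds, single_use):
        self.ttl = ttl_seconds          # how long an issued token stays valid
        self.single_use = single_use    # whether a token is burned on first use
        self._tokens = {}               # token -> {"user", "issued", "used"}

    def issue_link(self, user, target_profile, now):
        # Mint a token for `user` and embed it in the URL the app will open.
        token = secrets.token_urlsafe(24)
        self._tokens[token] = {"user": user, "issued": now, "used": False}
        query = urlencode({"id": target_profile, "access_token": token})
        return "https://example.invalid/profile?" + query  # hypothetical URL

    def login_from_link(self, url, now):
        # Return the account the link logs in, or None if it is rejected.
        params = parse_qs(urlparse(url).query)
        token = params.get("access_token", [None])[0]
        record = self._tokens.get(token)
        if record is None:
            return None                          # unknown / forged token
        if now - record["issued"] > self.ttl:
            return None                          # expired
        if self.single_use and record["used"]:
            return None                          # already consumed once
        record["used"] = True
        return record["user"]


def simulate_attack(service):
    """Victim taps a friend's name (link opens in the browser), attacker copies
    the link during brief physical access and replays it one hour later from
    another device. Returns the account the replay logs into, or None."""
    t0 = 1_700_000_000.0                         # constructed clock
    link = service.issue_link("victim", "friend42", t0)
    # Legitimate use: the victim's own browser consumes the link.
    assert service.login_from_link(link, t0 + 1) == "victim"
    # Replay: same URL, different device, one hour later.
    return service.login_from_link(link, t0 + 3600)


if __name__ == "__main__":
    vulnerable = LinkLoginService(ttl_seconds=24 * 3600, single_use=False)
    hardened = LinkLoginService(ttl_seconds=60, single_use=True)
    print("reusable 24h token, replay logs in as:", simulate_attack(vulnerable))
    print("single-use 60s token, replay logs in as:", simulate_attack(hardened))
```

Even the hardened configuration still leaves the token in browser history and in any Referer header the profile page leaks, so the real fix is to avoid placing bearer tokens in URLs at all; the example only isolates the reuse window that the 24-hour takeover depended on.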

The generated link looked like this:

It's now fixed. 
