easy way to make facebook account backdoor without scripting

EASY WAY TO MAKE FACEBOOK ACCOUNT BACKDOOR WITHOUT SCRIPTING

Presented By Budi Khoirudinfeedback@khoirudin.com

http://budi.khoirudin.com/

ABOUT ME

Hello My Name is Budi Khoirudin. I’m a IT Security Enthusiast's, IT Developer,

Speaker, etc ... Now I’m Working as Web Developer in a

Enterprise Corporation Project Freelancer

KNOCKING ON FACEBOOKDon’t be a kiddies forever, You must be know how it works!

FACEBOOK APPLICATION

(Reference: https://www.facebook.com/help?page=1095)

FACEBOOK APPLICATION AUTHENTICATION

Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you

need to call the Graph API from your web server.

The client-side flow is used when you need to make calls to the Graph API from a client, such as JavaScript running in a Web browser or from a native mobile or desktop app.

(Reference: https://developers.facebook.com/docs/authentication/)

GRAPH API

(Reference: https://developers.facebook.com/docs/reference/api/)

GRAPH API PERMISSIONS

(Reference: https://developers.facebook.com/docs/reference/api/permissions/)

GRAPH API EXPLORER

(Reference: https://developers.facebook.com/tools/explorer)

LET’S BEAT THEM!…Proof Of Concept.

FACEBOOK ACCOUNT BACKDOOR (REQUEST PERMISSIONS)

https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream,offline_access,publish_stream

FACEBOOK ACCOUNT BACKDOOR (ACT AS VENDOR)

https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=CLIENT_CREDENTIALS

FACEBOOK ACCOUNT BACKDOOR(ACT AS USER)

https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&response_type=token

ANY QUESTIONS?...Ask To Me

“BACKDOORKU MENGHANTUIMU!”