
[Method] Exploiting The Facebook Referrer Mechanism For Your Needs

Discussion in 'Black Hat SEO' started by mrblackjack, Feb 26, 2013.

  1. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    960
    Likes Received:
    552
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    Ok, the referrer is pretty important data in the IM world - especially when promoting aff products or just applying some nasty blackhat techniques.
    In this short tutorial I'll show you how you can exploit the Facebook Referrer mechanism so that you can drive traffic to whatever site / product URLs you wish using a "Facebook Referrer", thus making all your traffic "legit".

    Mods, I think you should move it to VIP so it won't get patched very fast by FB.

    1. After you click on a url that is placed in Facebook, the url looks something like this:
    Code:
    https://www.facebook.com/l.php?u=http%3A%2F%2Ftest.com&h=BAQGNjWYdAQFwke7miQOHRy0VEJAObRA-7U3jmzs7Ry3lIg&enc=AZMTie6VVgCYbMTC524rLAODuF4JIN6seVoAtw-EL351_0cdlh2NKbsM6lzYDRdwRN-7XbUqOhcEV38e57sUnSeW&s=1
    
    Take a look at the image. If you click on the link, you will be redirected to the destination URL by the Facebook Redirect Mechanism (the pattern is displayed in the code above).
    [Image: links-in-facebook.PNG]

    Now, pay attention to the bold-red parameters.
    The first parameter "u=" is the URL Facebook sends the visitor to.
    The second parameter "h=" is a security token.

    Now, all you have to do is click on a link that has been shared or published in Facebook, copy the redirect URL (before being redirected), replace the "u=http://...." with your own custom URL, let's say an affiliate offer, and use the full Facebook URL as a destination URL for your banners / links / images etc.

    Thus, whenever a user will click this url, he will be redirected to your offer, and the referrer will be of "Facebook". Actually, the referrer will be: "facebook.com/l.php".

    Pay Attention: the token contains data of your geo location. Therefore, if you are located in Canada for ex. and clicked on a Facebook url, apparently only Canada visitors to the re-structured url will be redirected to your final destination url, the others will get a security alert.

    Here are further URLs that I re-structured (to my own custom URLs), that work here from Israel. Let me know if each works for you:

    https://www.facebook.com/l.php?u=http%3A%2F%2Fblack-jack.co.il&h=BAQGNjWYdAQFwke7miQOHRy0VEJAObRA-7U3jmzs7Ry3lIg&enc=AZMTie6VVgCYbMTC524rLAODuF4JIN6seVoAtw-EL351_0cdlh2NKbsM6lzYDRdwRN-7XbUqOhcEV38e57sUnSeW&s=1




    https://www.facebook.com/l.php?u=http%3A%2F%2Fgoogle.com&h=BAQGNjWYdAQFwke7miQOHRy0VEJAObRA-7U3jmzs7Ry3lIg&enc=AZMTie6VVgCYbMTC524rLAODuF4JIN6seVoAtw-EL351_0cdlh2NKbsM6lzYDRdwRN-7XbUqOhcEV38e57sUnSeW&s=1




    https://www.facebook.com/l.php?u=http%3A%2F%2Fyahoo.com&h=BAQGNjWYdAQFwke7miQOHRy0VEJAObRA-7U3jmzs7Ry3lIg&enc=AZMTie6VVgCYbMTC524rLAODuF4JIN6seVoAtw-EL351_0cdlh2NKbsM6lzYDRdwRN-7XbUqOhcEV38e57sUnSeW&s=1


    https://www.facebook.com/l.php?u=http%3A%2F%2Fcnn.com&h=BAQGNjWYdAQFwke7miQOHRy0VEJAObRA-7U3jmzs7Ry3lIg&enc=AZMTie6VVgCYbMTC524rLAODuF4JIN6seVoAtw-EL351_0cdlh2NKbsM6lzYDRdwRN-7XbUqOhcEV38e57sUnSeW&s=1
     
    • Thanks x 4
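Added example, not part of the original post and not Facebook's code: a defender's view of the weakness the post relies on. It assumes, as the post claims, that the `h` token is checked independently of `u`, and contrasts that with a token that is an HMAC over both the session and the destination, so a swapped `u` fails validation. The host `redirector.example`, the key, the session values and all function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed here


def _mac(*parts: str) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_link(dest: str, session: str, bind_dest: bool) -> str:
    """Build an l.php-style link. bind_dest=False models the weak design
    the post describes, where h does not depend on u."""
    h = _mac(session, dest) if bind_dest else _mac(session)
    return "https://redirector.example/l.php?" + urlencode({"u": dest, "h": h})


def check_link(link: str, session: str, bind_dest: bool) -> bool:
    """Return True only if the redirector should follow the link."""
    q = parse_qs(urlsplit(link).query)
    dest, h = q.get("u", [""])[0], q.get("h", [""])[0]
    # Refuse non-web schemes regardless of the token.
    if urlsplit(dest).scheme not in ("http", "https"):
        return False
    expected = _mac(session, dest) if bind_dest else _mac(session)
    # Constant-time comparison on bytes avoids timing leaks and str type errors.
    return hmac.compare_digest(h.encode(), expected.encode())


def swap_dest(link: str, new_dest: str) -> str:
    """Test helper: keep the original h but change u, as in the post."""
    q = parse_qs(urlsplit(link).query)
    return link.split("?")[0] + "?" + urlencode({"u": new_dest, "h": q["h"][0]})
```

With `bind_dest=True` the redirector can show its interstitial warning, or refuse outright, whenever `check_link` returns False.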
  2. pasenseoso

    pasenseoso Power Member

    Joined:
    Aug 19, 2011
    Messages:
    754
    Likes Received:
    136
    Occupation:
    hachetman
    Location:
    - - P I L I P I N A S - -
    Home Page:
    Hi sir.. I am getting this:

    For the safety and privacy of your Facebook account, remember to never enter your password unless you're on the real Facebook web site. Also be sure to only download software from sites you trust.
     
    Last edited: Apr 9, 2013
  3. Raffy

    Raffy Regular Member

    Joined:
    Nov 30, 2012
    Messages:
    212
    Likes Received:
    613
    Great share, thanks. "You must spread some Reputation around before giving it to mrblackjack again"
     
  4. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    960
    Likes Received:
    552
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    Forgot to mention that the traffic to the Facebook URL has to match the country where the URL has been set in the first place. That is, if you create a custom FB URL from the U.S. for ex., only traffic from the U.S. will go through; otherwise, you'll get the following message
     
  5. RisingMoon

    RisingMoon Registered Member

    Joined:
    Mar 23, 2013
    Messages:
    79
    Likes Received:
    2
    MrBlackJack, are you near Tel Aviv?
     
  6. osmokes

    osmokes Junior Member

    Joined:
    May 15, 2012
    Messages:
    192
    Likes Received:
    118
    I get what you're doing but how can this lead to anything? How would you get people to share the link when it redirects to something else? Can you give examples of possible use?
     
    • Thanks x 1
  7. ComputerEngineer

    ComputerEngineer Senior Member

    Joined:
    Apr 25, 2012
    Messages:
    833
    Likes Received:
    70
    Exactly.

    I don't see any useful usage of this.
     
  8. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,303
    Likes Received:
    3,741
    Location:
    snip.li/TubH
    Don't understand why people come whining when something is shared for free :(
     
  9. TheMoneyWizard

    TheMoneyWizard Elite Member

    Joined:
    May 31, 2012
    Messages:
    2,351
    Likes Received:
    2,461
    Location:
    Wonderland
    Thanks for sharing this!
     
  10. Salto

    Salto Regular Member

    Joined:
    Apr 13, 2010
    Messages:
    307
    Likes Received:
    95
    If you don't see the use of this, leave the thread!

    Thanks for the share :)
     
    • Thanks x 1
  11. abhi007

    abhi007 Jr. VIP Jr. VIP

    Joined:
    Aug 31, 2010
    Messages:
    5,303
    Likes Received:
    3,741
    Location:
    snip.li/TubH
    Isn't there a thanks button for this already :)
     
  12. TheMoneyWizard

    TheMoneyWizard Elite Member

    Joined:
    May 31, 2012
    Messages:
    2,351
    Likes Received:
    2,461
    Location:
    Wonderland
    Yeah, I was waiting for someone to say that, my thanks ran out yesterday. I didn't know this but there is a limit to how many thanks you can give.
     
  13. imperial444

    imperial444 Elite Member

    Joined:
    Jan 13, 2011
    Messages:
    1,771
    Likes Received:
    414
    Occupation:
    Full-time IM hero
    There you go. Nice cloaking technique. Thanks
     
  14. commenting shop

    commenting shop BANNED BANNED

    Joined:
    Apr 28, 2012
    Messages:
    1,145
    Likes Received:
    273
    Thanks mate for such a Wonderful Share :)
     
  15. frankweerasinghe

    frankweerasinghe Regular Member

    Joined:
    Jun 6, 2011
    Messages:
    434
    Likes Received:
    393
    Location:
    Colombo, Sri Lanka
    Method not working :(
     
  16. dinkish

    dinkish Power Member

    Joined:
    Apr 19, 2013
    Messages:
    689
    Likes Received:
    159
    Hotmail wasn't new at the time, but there still was a very similar attack to get access.

    Tokens are based on sessions (after login essentially). They're serialized, but you may still perhaps be able to hijack URLs. It's still time dependent at the very least if this is a valid exploit. Which would be pretty fucking stupid, let alone irresponsible.
     
  17. chaytu

    chaytu Newbie

    Joined:
    Apr 22, 2012
    Messages:
    46
    Likes Received:
    18
    The Facebook redirecting mechanism doesn't work! The destination URL directly appears in the address bar after I click on any link. Guess FB figured this out and updated their algorithm. Anyways, nice share OP :)
     
  18. MysticMerchant

    MysticMerchant Newbie

    Joined:
    Aug 27, 2011
    Messages:
    43
    Likes Received:
    8
    A 6-month-old technique that no longer works, imagine that....