1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Update someone's status

Discussion in 'FaceBook' started by anubis002, Oct 1, 2012.

  1. anubis002

    anubis002 Newbie

    Joined:
    Oct 1, 2012
    Messages:
    1
    Likes Received:
    0
    Hello,

    I tried to update a friend's status (he's aware of that, it's like a competition between us). To do that, I use "Live HTTP Headers" and "Tamper Data" extensions for Firefox.

    Once I get the initial $_POST with Live HTTP Headers. I use the following fonction (found here), to get the phstamp variable.
    Finally, I post a new status on my own wall using Tamper Data and I change the $_POST['xhpc_targetid'], $_POST['xhpc_message_text'], $_POST['xhpc_message'], $_POST['__user'] and $_POST['phstamp'].

    I know that my phstamp number is good, I have the same value for original post.

    The problem is it doesnt work. Any suggestion?
    Maybe the fb_dtsg could be the problem, or the composer_session_id.

    I also tried to make a friend to like a fanpage, there is no session_id and it doesnt work either.

    So what is the fb_dtsg?

    Thank you in advance.


    ----------------------------------------------------------------------------
    function generatePhstamp(qs, dtsg) {
    var input_len = qs.length;
    numeric_csrf_value='';

    for(var ii=0;ii<dtsg.length;ii++) {
    numeric_csrf_value+=dtsg.charCodeAt(ii);
    }
    return '1' + numeric_csrf_value + input_len;
    }

    var qs = 'fb_dtsg=AQBtHA-j&postfromstub=true&xhpc_targetid=FACEBOOK_ID&xhpc_context=home&xhpc_ismeta=1&xhpc_fbx=1&xhpc_timeline=&xhpc_composerid=ushs0ph1&xhpc_message_text=NEW_STATUS&xhpc_message=NEW_STATUS&is_explicit_place=&composertags_place=&composertags_place_name=&composer_session_id=1349048846&postfromfull=true&composertags_city=&disable_location_sharing=false&composer_predicted_city=&audience[0][value]=40&nctr[_mod]=pagelet_composer&__user=FACEBOOK_ID&__a=1';

    var dtsg = 'AQBtHA-j';
    var ret = generatePhstamp(qs,dtsg);
    document.write(ret);
     
  2. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    Yes fb_dtsg is an anti-CSRF token.
     
    • Thanks Thanks x 2
  3. zenoGlitch

    zenoGlitch Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 25, 2009
    Messages:
    963
    Likes Received:
    1,511
    Location:
    Thailand