Update someone's status

Discussion in 'FaceBook' started by anubis002, Oct 1, 2012.

  1. anubis002

    anubis002 Newbie

    Hello,

    I tried to update a friend's status (he's aware of that, it's like a competition between us). To do that, I use "Live HTTP Headers" and "Tamper Data" extensions for Firefox.

    Once I get the initial $_POST with Live HTTP Headers, I use the following function (found here) to get the phstamp variable.
    Finally, I post a new status on my own wall using Tamper Data and I change the $_POST['xhpc_targetid'], $_POST['xhpc_message_text'], $_POST['xhpc_message'], $_POST['__user'] and $_POST['phstamp'].

    I know that my phstamp number is good, I have the same value for the original post.

    The problem is it doesn't work. Any suggestion?
    Maybe the fb_dtsg could be the problem, or the composer_session_id.

    I also tried to make a friend like a fanpage, there is no session_id and it doesn't work either.

    So what is the fb_dtsg?

    Thank you in advance.


    ----------------------------------------------------------------------------
    // Builds the phstamp value from the request body (qs) and the fb_dtsg token.
    function generatePhstamp(qs, dtsg) {
        var input_len = qs.length;
        var numeric_csrf_value = '';

        // Concatenate the decimal character code of each fb_dtsg character.
        for (var ii = 0; ii < dtsg.length; ii++) {
            numeric_csrf_value += dtsg.charCodeAt(ii);
        }
        // '1' + character codes of the token + length of the request body.
        return '1' + numeric_csrf_value + input_len;
    }

    var qs = 'fb_dtsg=AQBtHA-j&postfromstub=true&xhpc_targetid=FACEBOOK_ID&xhpc_context=home&xhpc_ismeta=1&xhpc_fbx=1&xhpc_timeline=&xhpc_composerid=ushs0ph1&xhpc_message_text=NEW_STATUS&xhpc_message=NEW_STATUS&is_explicit_place=&composertags_place=&composertags_place_name=&composer_session_id=1349048846&postfromfull=true&composertags_city=&disable_location_sharing=false&composer_predicted_city=&audience[0][value]=40&nctr[_mod]=pagelet_composer&__user=FACEBOOK_ID&__a=1';

    var dtsg = 'AQBtHA-j';
    var ret = generatePhstamp(qs, dtsg);
    document.write(ret);
     
  2. Crazy

    Crazy Power Member

    Yes fb_dtsg is an anti-CSRF token.
     
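How a server typically checks a session-bound anti-CSRF token, as an added example that is not part of this thread and not Facebook's code: the token is derived from the session, and the acting account is taken from the session rather than from a body field, so editing a user id in the POST body is rejected. The HMAC scheme, the field names `csrf_token` and `user`, and the session data are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed server-side secret; a real deployment loads it from a secret store.
const SERVER_SECRET = crypto.randomBytes(32);

// The token is an HMAC over the session id, so it is valid only for that session.
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

function tokenMatches(sessionId, presented) {
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const got = Buffer.from(String(presented || ''), 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// sessions: Map of session cookie value -> account id (constructed data).
function handlePost(sessions, cookieSessionId, body) {
  const accountId = sessions.get(cookieSessionId);
  if (accountId === undefined) return { ok: false, reason: 'no-session' };
  if (!tokenMatches(cookieSessionId, body.csrf_token)) {
    return { ok: false, reason: 'bad-csrf-token' };
  }
  // The acting account comes from the session, never from a body field.
  if (body.user !== undefined && String(body.user) !== String(accountId)) {
    return { ok: false, reason: 'user-mismatch' };
  }
  return { ok: true, actingAs: accountId };
}

// Runs four constructed requests through the check and returns the outcomes.
function demo() {
  const sessions = new Map([['sess-alice', '1001'], ['sess-bob', '1002']]);
  const aliceToken = issueCsrfToken('sess-alice');
  return {
    legit: handlePost(sessions, 'sess-alice', { csrf_token: aliceToken, user: '1001' }),
    editedUser: handlePost(sessions, 'sess-alice', { csrf_token: aliceToken, user: '1002' }),
    foreignToken: handlePost(sessions, 'sess-bob', { csrf_token: aliceToken, user: '1002' }),
    missingToken: handlePost(sessions, 'sess-alice', { user: '1001' }),
  };
}

console.log(demo());
```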
  3. zenoGlitch

    zenoGlitch Executive VIP
