October 02, 2014, 01:06:22 am
Maltego Forum

Username
Password

Pages: [1]
Print
Author Topic: Updated Facebook Transforms (Jan 2010)  (Read 137172 times)
singe
Newbie
*
Posts: 3


« on: January 16, 2010, 06:18:53 am »

Since Paterva can't release FB transforms due to legal silliness, here are the ones I made. Please read the disclaimer. They have been updated to work with FB's current code as of Jan 2010, and I did some stuff like deobfuscating the JavaScript they use to allow BeautifulSoup to do it's job nicely, so they have and should continue to be easy to update.

They currently don't support cookies and could do with that being added if anyone feel up to it, I tried to comment lots to make it easy.

Either way it's attached, what follows is the readme.txt file:
 ------------------------------------
| Matego - Facebook Transforms |
 ------------------------------------

Disclaimer (NB):
----------------

This code is for research and demonstration purposes only. It should not be used as it will violate Facebook's Terms of Service and could result in your account being shut down. The author accepts no liability or responsibility for the code or it's uses. The author also waives all intellectual property rights to the code. The code was authored by the individual author only, and neither his employer nor Paterva were involved in it's creation or release. The code is released in the public interest to help other's understand the implications of their privacy settings on Facebook, however, the author reserves the right to additional defences.

Pre-requisites:
---------------

* A licensed copy of Maltego, check http://www.paterva.com/maltego/
* Python (2.6 recommended)
* The following python libraries
    - pymaltego-singe This should be distributed along with this code.
    - mechanize
    - BeautifulSoup
    - urllib2
    These are all easily available and support the easy install method i.e. run the following in the extracted directory for each dependency "sudo python setup.py install"
    Note: for installing pymaltego-singe, make sure you are in the trunk/ directory or you will get a 'pymaltego' not found error.
* A facebook account - bear in mind as this is a violation of FB's ToS your account could get suspended. Additionally, having two FB accounts is a violation of the ToS.
* Suggested prerequisites:
    - an anonymising proxy e.g. Tor (scraping may not work correctly in foreign characters)
    - an anonymous FB test account

Installing:
-----------

1) Place the transforms somewhere on your filesystems.

You will need to create at least four local transforms:
* Phrase -> FacebookAffiliation (from_phrase_to_facebook.py)
* E-Mail -> FacebookAffiliation (from_phrase_to_facebook.py) (uncomment the limit = 10 line at the top before use)
* FacebookAffiliation -> (Friends of) FacebookAffiliations (from_fb_to_friends.py)
* FacebookAffiliation -> Person (from_fb_to_person.py)

For each transform:
2) In Maltego click Tools -> Manage Transforms
3) Click 'New Local Transform'
4) Complete the details on the first page e.g.
    Display Name : To Facebook
    Description : Search for an e-mail address on Facebook and return found Facebook accounts
    Author : singe
    Input Entity Type : EmailAddress
5) Click Next and complete the details on the next page e.g.
    Command : /usr/local/bin/python
    Parameters (optional) : <path to the local transform e.g. /home/foo/bin/maltego/facebook/from_phrase_to_facebook.py>
6) Click Finish

Usage
-----

Quite simple: add an appropriate entity, run the transform.

* maltego-facebook-v1.tgz (25.67 KB - downloaded 8014 times.)
« Last Edit: January 20, 2010, 12:00:29 pm by singe » Logged
AndrewMacPherson
Administrator
Full Member
*****
Posts: 132


« Reply #1 on: January 20, 2010, 10:40:07 am »

Hi Guys,

Just a quick headsup.

  • This will run on both the commercial and the community edition
  • to install the pymaltego-singe you need to run 'python setup.py install' from the trunk directory, not the one above

I also seem to be having the following error:

andrew@PickledOrange:~/fb/maltego-facebook/maltego-facebook$ ./from_phrase_to_facebook.py "Andrew"
D: Got login page
D: Logged In
D: First search completed
<MaltegoMessage><MaltegoTransformExceptionMessage><Exceptions><Exception>global name 'limit' is not defined</Exception></Exceptions></MaltegoTransformExceptionMessage></MaltegoMessage>

Look forward to the fix!

-AM
Logged
AndrewMacPherson
Administrator
Full Member
*****
Posts: 132


« Reply #2 on: January 20, 2010, 10:42:35 am »

Sorry guys, that was a stupid mistake, within the from_phrase_to_facebook.py simply change this line:

#limit = 10

to

limit = 10

-AM
Logged
singe
Newbie
*
Posts: 3


« Reply #3 on: January 20, 2010, 12:02:47 pm »

Sorry, my bad on the install instructions for pymaltego-singe, have updated the README above to mention it.

Also my bad on commenting out the limit, however, note that leaving it as "limit = 10" will only return 10 results when searching for facebook accounts. You may want more, in which case increasing this number is a good idea.

If we find any more obvious dork moves I'll release a new version, but waiting for them to cumulate a bit.
Logged
AndrewMacPherson
Administrator
Full Member
*****
Posts: 132


« Reply #4 on: January 25, 2010, 01:59:38 pm »

Please note the facebook login URL has changed to https://login.facebook.com/login.php

Change line 30 from:

response = mech.open("https://www.facebook.com/login.php")

To

response = mech.open(https://login.facebook.com/login.php ")
Logged
bulgin
Newbie
*
Posts: 4


« Reply #5 on: July 06, 2010, 03:33:38 pm »

I seem to have made a mistake in creating this transform in the commercial version of Maltego, and now I cannot delete it from the Manage transforms tab.

I am asked if I want to delete, I say yes, but it remains.

Is there something I'm missing here?
Logged
FAS2
Newbie
*
Posts: 1


« Reply #6 on: September 11, 2010, 09:20:27 am »

bulgin, manually delete it in, C:\Documents and Settings\YOUR USERNAME\Application Data\.maltego\v3.0CE\config\Maltego\TransformRepositories\Local

singe,

For, "from_fb_to_friends.py" what is the, input entity type and or transform set? I get a popup error about "uid" even if I set phrase and am searching the profile id. Thank you.
Logged
sevol
Newbie
*
Posts: 1


« Reply #7 on: October 12, 2010, 02:11:03 am »

hi, im having trouble setting up this transform. for the command line option what do i put in? im running on ubuntu 10.10 and the /usr/bin/local/python folder does not exist. thanks
Logged
AndrewMacPherson
Administrator
Full Member
*****
Posts: 132


« Reply #8 on: October 12, 2010, 05:44:05 am »

Hi Sevol,

Simply do 'which python' to see where it is, most likely /usr/bin/python/
Logged
Don Weka
Newbie
*
Posts: 1


« Reply #9 on: November 01, 2010, 11:01:41 am »

Hi,
Thank you for this update!
I keep having trouble with the transform. I run it under Linux Ubuntu 10.04, pyhton 2.6.5.
The script from_phrase_to_facebook can log in using Facebook credentials, then performs the search with the given Phrase. But the response it gets contains no data about de search result. Instead, it is always something like below, as if facebook detected that it is a script that does the query:

Code:
<script>window._is_quickling_index="";</script><script type="text/javascript">function incorporate_fragment(a,b){if(b&&a.pathname=='/')return;var d=/^(?:(?:[^:\/?#]+):)?(?:\/\/(?:[^\/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?/;var c='';a.href.replace(d,function(e,h,i,g){var f,j;f=j=h+(i?'?'+i:'');if(g){g=g.replace(/^(!|%21)/,'');if(g.charAt(0)=='/')f=g.replace(/^\/+/,'/');}f=b+f;if(f!=j)window.location.replace(c+f);});}if(window._is_quickling_index!==undefined)incorporate_fragment(window.location,window._is_quickling_index);</script><script type="text/javascript">/* <![CDATA[ */if (top != self) { try { if (parent != top) { throw 1; } var disallowed = ["apps.facebook.com","\/pages\/"]; href = top.location.href.toLowerCase(); for (var i = 0; i < disallowed.length; i++) { if (href.indexOf(disallowed[i]) >= 0) { throw 1; } } } catch (e) {setTimeout(function() {var fb_cj_img = new Image(); fb_cj_img.src = "http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&m&t=5531";}, 5000); window.document.write("<style>body * { display:none !important; }<\/style><a href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display: block !important; padding: 10px\"><i class=\"img spritemap_2rry0p sx_0fdace\" style=\"display:block !important\"><\/i>Go to Facebook.com<\/a>");/* fH5gK8gD */ }}/* ]]> */</script><script>window.location.replace("http:\/\/www.facebook.com\/search.php?q=username%40domain.com&n=-1&k=100000020&type=users");</script>

Furthermore, the keywords like "UIFullListing_Table" don't exist anymore in the source html of the result page...
Does someone have an update?

Thanks
Don
Logged
Pages: [1]
Print
Jump to: