Friends, if you get invitation from stranger in facebook, don't accept it. Even if you know the person, please verify whether profile is real or not. A new hacking tool is available that will send friend request to you. If you accept, it can steal all info ,photos,friend list from you. Think twice before accepting invitation.
FbPwn: A cross-platform Java based Facebook profile dumper, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder.
Usage
A typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.
Typically, first you create a new blank account for the purpose of the test. Then, the friending plugin works first, by adding all the friends of the victim (to have some common friends). Then the clonning plugin asks you to choose one of the victims friends. The cloning plugin clones only the display picture and the display name of the chosen friend of victim and set it to the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessable HTML pages (info, images, tags, ...etc) for offline examining.
After a a few minutes, probably the victim will unfriend the fake account after he/she figures out it's a fake, but probably it's too late!
ModulesDescription:
All modules work on a selected profile URL (we'll call him bob), using a valid authenticated account (we'll call him mallory).
FBPwn modules are:
- AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.
- ProfileCloner: A list of all bob's friends is displayed, you choose one of them (we'll call him andy). FBPwn will change mallory's display picture, and basic info to match andy's. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andy's account, but probably it would be too late as all his info are already saved for offline checking by mallory.
- CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.
- DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.
- DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.
- DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.
Download Link : http://code.google.com/p/fbpwn/downloads/list