Skip to main content

Auto invite friends to Facebook group

Quite a few Facebook friends of mine sent me some Facebook group invite these days. The target group is always bullsh!t in some way or another (e.g.: making friend, life story, love group). I didn't pay much attention until today... Too lazy to work so I spent a while to investigate the case.

Most of the groups tell you to copy and paste some script to Google Chrome's console to get list of people who visit your profile. I have made a copy of the script here.

A typical cover image of the fishy groups

Turned out they use the first degree link to get your friends list then fetch the invite dialog with each friend and finally trigger a mouse event programmatically to send our the invite. Pretty clever! However, the script kiddie is unethical in two ways: After finishing the job (inviting your whole gigantic friends list) which may take a while, they don't show the list of friends in first degree as advertised -- false advertising! And secondly, the first degree is not about people who stalk you, it orders people by how much you stalk your friends -- completely liar! So, if you happen to be invited (like me), you should at least report the group before leaving it. For good measure, please spend an additional minute to report the group admin too. Those bastards!

If you are curious to see the list of people that you stalk, you can use a cleaned version of mine available here. A minified version is also available below:

jx={getHTTPObject:function(){var e=!1;if("undefined"!=typeof ActiveXObject)try{e=new ActiveXObject("Msxml2.XMLHTTP")}catch(t){try{e=new ActiveXObject("Microsoft.XMLHTTP")}catch(n){e=!1}}else if(window.XMLHttpRequest)try{e=new XMLHttpRequest}catch(r){e=!1}return e},load:function(e,t){var n=this.getHTTPObject();if(n&&e){n.open("get",e,!0),n.onreadystatechange=function(){n.readyState==4&&n.status==200&&n.responseText&&t&&t(n.responseText)},n.send()}}};var m="please wait...";
jx.load(window.location.protocol+"//www.facebook.com/ajax/typeahead/first_degree.php?__a=1&viewer="+Env.user+"&filter[0]=user&__user="+Env.user,function(e){for(var e=e.substring(e.indexOf("{")),e=JSON.parse(e),e=e.payload.entries,t=0;t<e.length;t++)if(t<10)console.log(t==0?"Most Favourite:":t==1?"Second place:":t==2?"And the third:":"#"+t+":",e[t].text);else break}),m

Just go to Facebook, open the browser console, paste the code and press enter. You will get something like this:

The list looks about right to me
Interesting notes:

  • Google Chrome usage in Vietnamese Facebook users must be quite high
  • Facebook has patched their site from the original first degree script by blocking all cross domain script loading. Very good practice!









But seriously, do not ever listen to ANYONE who tells you to run some arbitrary code on your browser/computer/whatever machinery. 

Comments

  1. This comment has been removed by a blog administrator.

    ReplyDelete

Post a Comment

Popular posts from this blog

Flutter: Fixing Firebase header not found with Notification Service Extension

If you follow the FCM tutorial Send an image in the notification payload and encountered this error message: 'FirebaseMessaging/FirebaseMessaging.h' file not found You are on the right place, I'm going to show you how to fix it. My app was working fine but one day it stopped compiling. Apparently Flutter 1.20 changed the way it uses CocoaPod so the service extension no longer has the proper library configured. After some tinkering, I came up with this pod config, it has to be added to ios/Podfile below the main Runner target. target 'FcmImage' do use_frameworks! use_modular_headers! require File.expand_path('../.symlinks/plugins/firebase_core/ios/firebase_sdk_version.rb', __FILE__) firebase_sdk_version = firebase_sdk_version! pod 'Firebase/Messaging', "~> #{firebase_sdk_version}" end FcmImage is my extension name, replace it with yours We can use a hardcoded version for Firebase/Messaging pod but doing so m...

OAuth with Google, Twitter and... Facebook!

This is sick! Just a few days ago, I ran into OAuth as I want to get my GMail feed based on Google Data API . I succeeded. With a little help of an OAuth open source ( here , available in several programming languages). Then I remember that I once heard that Twitter also uses OAuth as an authentication option so I turned into Twitter and had a good read. Finally, I found out that they are basically the same (hehe, it's obvious since OAuth 1.0 is a worldwide standard). I had an idea of writing a universal class which can handle both Google and Twitter OAuth functionalities. It's not too hard. I took most of the idea from the PHP example ( here , PHP only). I also made a small script which accepts URI to send and intercept response from Google & Twitter servers. At that moment, I was so excited with all the ideas but actually it has no real world benefit so I just left it there... Until today, in the F8 (says "fate") conference of Facebook, I was stunned fin...

Replacing GCP with Railway for faster cold start

TL;DR I switched a Dart API from Cloud Run to Railway for a 300% faster cold start, simplified DevOps, and a straightforward fee structure. Problem I'm working on this project github.com/daohoangson/flutter_widget_from_html . It is a pub.dev package that's super handy for Flutter developers who want to seamlessly render HTML in their apps. Now, when it comes to HTML, it can get pretty dynamic, right? That's why having a playground to showcase features, troubleshoot issues, and tackle bugs is crucial. The Google team has this fantastic tool called dartpad.dev , which is just perfect for this kind of thing. However, there's a little catch - third-party packages like mine usually can't be used there (unless you have thousands of likes, as explained on  Medium ). So I decided to take matters into my own hands, forked it, then deployed try.fwfh.dev with additional package support. Initial idea since 2019 First deployment  in 2021 Cl...