Risk Inside Facebook Linkshim - Bypassing Facebook Linkshim Filters





Linkshim is a tool created by Facebook's Site Integrity Team to protect its users. ... When a link is clicked on Facebook, Link Shim checks the link to make sure it isn't on its list of malicious links or on any of its many external partners' (McAfee, Google, Websense) lists.

Basically, Linkshim is a script created by Facebook to protect its users from malicious links.
When Facebook redirects to another site, the script (l.php) first checks the link, then redirects, and sometimes blocks malicious URLs.

But we can easily redirect to malicious or blocked URLs from Facebook simply by shortening the URL or by going through another site's redirect.

It is also possible to redirect through an IP address. We can redirect to any malware site or blocked link from Facebook.


If you try to redirect to a malware link through an IP address, the Facebook Linkshim blocks it.
OK.
But I believe that Facebook does not handle this situation correctly.


Facebook Linkshim blocks only those IP addresses that redirect to a domain name.

Proof of Concept:

First, visit this link:
http://facebook.com/l.php?u=http%3A%2F%2Fwww.linkbucks.com


The Facebook Linkshim filter blocks the link.

OK

Now visit this link:

https://l.facebook.com/l.php?u=http%3A%2F%2F65.98.63.218&h=ATObIgVXTpRNhRLcv9BfHbIjzhbzYh5t3tK-aiVh2qS07AwdpuTq2LMWE2x6PBpjqLfCpdLQGHGPpCKpLeV5JUMv26M7WO6P-Zc_jWc1Zqs1wsSQ

Facebook redirects to the blocked link through the IP address.

Linkshim filter is successfully bypassed.
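The filter weakness shown above, as an added example that is not code from the original post or from Facebook: a toy l.php-style link checker in Python with the domain-only check beside a hardened check that also handles IP-literal hosts. The blocklisted domain, the IP addresses and the DNS mapping are constructed placeholders standing in for a real blocklist and live DNS resolution.

```python
import ipaddress
from urllib.parse import parse_qs, urlparse

# Constructed sample blocklist of domains the redirector must refuse.
BLOCKED_DOMAINS = {"blocked.example"}

# Constructed stand-in for DNS resolution; a real checker resolves hosts live.
FAKE_DNS = {
    "blocked.example": {"203.0.113.10"},
    "alias.example": {"203.0.113.10"},   # shares the blocked site's address
    "safe.example": {"198.51.100.7"},
}


def blocked_ips():
    """Addresses behind every blocked domain (resolved via the stand-in)."""
    ips = set()
    for domain in BLOCKED_DOMAINS:
        ips |= FAKE_DNS.get(domain, set())
    return ips


def extract_target(shim_url):
    """Pull the percent-encoded 'u' parameter out of an l.php-style URL."""
    params = parse_qs(urlparse(shim_url).query)
    return params.get("u", [None])[0]


def naive_check(target):
    """Domain-only check: an IP-literal host never matches the blocklist."""
    host = urlparse(target).hostname or ""
    return host in BLOCKED_DOMAINS


def hardened_check(target):
    """Block if the host is a blocked domain, an IP literal that belongs to a
    blocked domain, or a hostname resolving to such an address. Note the
    address comparison can hit unrelated sites on shared hosting, so a
    production filter would weigh it as one signal among several."""
    host = urlparse(target).hostname or ""
    if host in BLOCKED_DOMAINS:
        return True
    try:
        ip = str(ipaddress.ip_address(host))   # IPv4 or IPv6 literal
    except ValueError:
        return bool(FAKE_DNS.get(host, set()) & blocked_ips())
    return ip in blocked_ips()
```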




Share your thoughts in the comments.

Hope you like this article.

