Risk Inside Facebook Apps - Hack Facebook User Accounts through Facebook Apps

Facebook's security is improving daily. It is now very difficult to hack a Facebook user's account, but not impossible.

It's still possible to hack Facebook user accounts through Facebook apps.

By default, Facebook allows applications running within canvas pages to include iframes and redirect off site. 

So a hacker can embed any malicious site in his application and may also run scripts in the victim's browser.
The hacker can embed a phishing link or fake login page and ask for the user's login credentials, meaning email and password.

The victim visits the application, thinks that he is giving his login details to Facebook or that Facebook requires re-authentication, and enters his email and password. He doesn't know that he is giving his login details to the hacker, not to Facebook.

Facebook closely monitors apps for malicious behavior and blocks malicious apps, but it's still possible by making or hijacking a vulnerable app.

So never enter your login details in Facebook applications, which typically have URLs of the form apps.facebook.com or m.facebook.com/apps, and stay protected.
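The rule above can be turned into a check, shown here as an added example that is not part of the original post. The function names are hypothetical, the sample hosts such as evil.example are constructed, and the canvas locations are the two URL forms named in the post.

```javascript
// Added example: recognise a Facebook canvas (third-party app) URL, where a
// password prompt should never be trusted. Names here are hypothetical.

function classifyFacebookUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return 'invalid';
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return 'invalid';

  // URL() lowercases the hostname and splits off userinfo, so
  // "https://apps.facebook.com@evil.example/" parses to host "evil.example".
  const host = url.hostname.replace(/\.$/, ''); // drop a trailing root dot
  const path = url.pathname;                    // dot-segments already resolved

  if (host === 'apps.facebook.com') return 'canvas';
  if (host === 'm.facebook.com' &&
      (path === '/apps' || path.startsWith('/apps/'))) {
    return 'canvas';
  }
  // Exact match or true subdomain only; "facebook.com.evil.example" fails this.
  if (host === 'facebook.com' || host.endsWith('.facebook.com')) return 'facebook';
  return 'other';
}

// True when a page showing a password field is a canvas page, i.e. the
// situation the post says to walk away from. Lookalike hosts classify as
// "other" and need ordinary phishing checks; this function does not cover them.
function shouldBlockCredentialPrompt(rawUrl, pageHasPasswordField) {
  return pageHasPasswordField && classifyFacebookUrl(rawUrl) === 'canvas';
}
```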

