So a while back Facebook released their Graph API, a way for websites and other applications to integrate with Facebook, for things like:
- Searching
- Profile enumeration ( status / feed / info )
- Friend enumeration
You can read the full list of functions in the Graph API documentation section on Facebook.
So the first thing you notice is that certain functions are immediately limited (call it the juicy section if you want), such as viewing friends or getting full profile information; for these you need to authenticate, which immediately rules them out for use in the public space (unless of course we ask for a username and password every time – perhaps in the future).
So we are left with search, and after a bit of messing with it, it turns out it's a *super* method for searching public data on Facebook, e.g. if you want to search for something like 'Maltego' you can simply go to: https://graph.facebook.com/search?q=%22Maltego%22
Then you get a basic JSON reply and from there it's game over. What IS interesting, however, is that if you look at the JSON you notice that it shows the user information as well:
```json
{ "data": [ {
    "id": "<ID>",
    "from": { "name": "<name>", "id": "<ID>" },
    "message": "I learned about this program in a security class I took yesterday...It's amazing what you can find out there on the internet. I suggest you keep your personal info as safe as possible :)",
    "picture": "http://external.ak.fbcdn.net/safe_image.php?d=35edd425da4428331e33664fc02a9544&w=90&h=90&url=http%3A%2F%2Fwww.paterva.com%2Fweb5%2Fimg%2Fchicken.png",
    "link": "http://www.paterva.com/web5/",
    "name": "Maltego 3",
    "caption": "www.paterva.com",
    "icon": "http://static.ak.fbcdn.net/rsrc.php/zD/r/aS8ecmYRys0.gif",
    "type": "link",
    "created_time": "2010-10-08T15:37:50+0000",
    "updated_time": "2010-10-08T16:21:50+0000"
} ] }
```
So now not only can you view what was said about term <x> on Facebook, but you can ALSO see who said it. So why is this interesting for use with Maltego? Well, imagine you had a few phrases you were searching for, resulting in say 255 'facebookObjects' (like the one above) for each phrase. Using a spreadsheet or some other non-graphical form would take forever; however, with Maltego you would very quickly be able to identify people who are talking about all of your phrases.
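The cross-phrase correlation described above (who shows up in the results for every phrase), as an added example that is not code from the original post. It parses search replies shaped like the JSON above; the replies, ids, names and messages are constructed placeholders, and nothing is fetched from Facebook.

```python
import json
from collections import defaultdict

# Constructed sample replies shaped like the Graph API search JSON above.
# Ids, names and messages are made-up placeholders, not real Facebook data.
SAMPLE_REPLIES = {
    "Maltego": json.dumps({"data": [
        {"id": "101_1", "from": {"name": "Alice Example", "id": "101"},
         "message": "I learned about this program in a security class"},
        {"id": "102_1", "from": {"name": "Bob Example", "id": "102"},
         "message": "Maltego transforms are neat"},
    ]}),
    "Paterva": json.dumps({"data": [
        {"id": "101_2", "from": {"name": "Alice Example", "id": "101"},
         "message": "Paterva released a new version"},
        {"id": "103_1", "from": {"name": "Carol Example", "id": "103"},
         "message": "Anyone used Paterva's stuff?"},
        {"id": "900_1", "message": "a page post with no from block"},
    ]}),
}

def parse_search_reply(raw):
    """One search reply -> list of (author_id, author_name, post_id, message)."""
    rows = []
    for obj in json.loads(raw).get("data", []):
        author = obj.get("from") or {}
        if "id" not in author:  # some objects carry no author; skip them
            continue
        rows.append((author["id"], author.get("name", ""),
                     obj.get("id"), obj.get("message", "")))
    return rows

def correlate_authors(replies):
    """Map author id -> {phrase: [post ids]} over several phrase searches."""
    index = defaultdict(lambda: defaultdict(list))
    names = {}
    for phrase, raw in replies.items():
        for author_id, name, post_id, _ in parse_search_reply(raw):
            index[author_id][phrase].append(post_id)
            names[author_id] = name
    return index, names

def authors_mentioning_all(replies):
    """Author ids that turn up in the results for every phrase searched."""
    index, _ = correlate_authors(replies)
    return sorted(a for a, hits in index.items() if set(hits) == set(replies))
```

Feeding the two constructed replies through `authors_mentioning_all` returns only Alice's id, the one author present in both phrase searches.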
Hello Webcam!
So I figured I'd drop a quick update on what I've been messing around with. Firstly, ZACon II was awesome! I'm really disappointed I didn't submit a better talk and get a chance again; however, I did win the badge competition and got to make my own cool badge:
Some of the talks I really liked:
- Who can forget Roelof Temmingh's talk, especially when one of the sections is "5 things Andrew didn't implement in his free time" :P
- Ollie Whitehouse on UNCON and how their group runs (and drinks :P)
- RC1140/Jameel's talk on PowerShell
- Todor/UKJ's talk on DNSSEC (but really guys, 800 requests at once, that needs to be fixed/mitigated first!)
- Ross Simpson's iPhone hackery (can't wait for the 4.1 JB to be out)
- Ian de Villiers' JAR reversing talk
- Haroon Meer's FIG talk :)
Secondly, I KNOW I probably should have put up code and stuff for the Arduino project I built. Basically it's a webapp that shows the webcam and allows you to move the cam around. The Arduino is connected to two servos to do vertical/horizontal movement, and it can be controlled via the webapp:
Oh yeah, it also lets you send text to an LCD and blink an LED (but these aren't nearly as cool).
So after doing this I wanted to look at motion tracking and see if I could get the camera to automagically follow someone around a room with facial/object recognition, and in the little time I have had to play today it seems easily doable with the likes of OpenCV. So far today (besides battling C++ – it's been over 5 years since I've touched the stuff, so there were some issues :P) I've managed to get it to do some pretty cool facial recognition with the Haar classification and the provided definition – haarcascade_frontalface_alt2.xml. I've also given it a bit of a window to try to move into and it seems to work pretty well. The only issue I saw was that at the default resolution of the camera (640×480) it absolutely ATE my 3GHz dual core, so I had to halve the image size and now it works real-time-ish. Check out the pic:
I've also been playing around with Facebook's Graph API and I am hoping to provide some cool new search functionality both to Maltego and as an RSS feed that people can use to monitor what has been said about a specific topic in public on the social networking giant.
I'll try to start putting out a little more.
Cheers,
Andrew
p.s. yeah, the mohawk's been gone for a month now; now if only I had a new alias that wasn't taken on the net :)
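The "window to move into" idea from the webcam post, written out as an added example (not the author's Arduino or OpenCV code): a face rectangle from the detector is compared against a dead-zone window in the middle of the frame and the pan/tilt servos are only nudged when the face lies outside it. The half-size frame (320×240), the window fraction, the step size, the 0..180 servo range and the sign convention (positive pan = face to the right) are all assumptions.

```python
# Constructed example of the dead-zone window for a pan/tilt face tracker.
# Frame size, window fraction, step size and servo range are assumptions.
FRAME_W, FRAME_H = 320, 240    # camera at half of 640x480, as in the post
WINDOW_FRACTION = 0.25         # dead zone: central 25% of width and height
STEP_DEGREES = 2               # how far to nudge a servo per frame
SERVO_MIN, SERVO_MAX = 0, 180  # typical hobby servo travel

def face_centre(rect):
    """(x, y, w, h) as returned by a cascade detector -> centre point."""
    x, y, w, h = rect
    return x + w / 2, y + h / 2

def steer(rect, pan, tilt, frame_w=FRAME_W, frame_h=FRAME_H):
    """Return the new (pan, tilt) angles for one detected face.

    Stays put while the face centre is inside the central window; otherwise
    moves one step towards it, clamped to the servo's range. Assumes that a
    larger pan angle turns the camera towards the right of the frame and a
    larger tilt angle towards the bottom.
    """
    cx, cy = face_centre(rect)
    half_w = frame_w * WINDOW_FRACTION / 2
    half_h = frame_h * WINDOW_FRACTION / 2
    dx = cx - frame_w / 2           # offset of the face from frame centre
    dy = cy - frame_h / 2
    if abs(dx) > half_w:            # outside the window horizontally
        pan += STEP_DEGREES if dx > 0 else -STEP_DEGREES
    if abs(dy) > half_h:            # outside the window vertically
        tilt += STEP_DEGREES if dy > 0 else -STEP_DEGREES
    clamp = lambda v: max(SERVO_MIN, min(SERVO_MAX, v))
    return clamp(pan), clamp(tilt)

def track(detections, pan=90, tilt=90):
    """Run a sequence of per-frame detections (None = no face) through steer."""
    for rect in detections:
        if rect is None:            # no face this frame: hold position
            continue
        pan, tilt = steer(rect, pan, tilt)
    return pan, tilt
```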