Browsing all articles tagged with facebookGraphAPI

So a while back facebook released their graph API a way for websites and other to integrate with facebook, things like:

  • Searching
  • Profile enumeration ( status / feed / info )
  • Friend enumeration

You can read the entirety of the functions at the Graph API documentation section on facebook.

So the first thing you notice is that certain functions are immediately limited ( call it the juicy section if you want ) such as viewing friends or getting full profile information, for these you need to auth , which immediately limits them from use in the public space ( unless of course we ask for username and password everytime – perhaps in the future ).

So we are left with search, and after a bit of messing with it, it turns out its a *super* method for searching public data on facebook, eg: if you want to search for something like ‘Maltego’ you can simply go to: https://graph.facebook.com/search?q=%22Maltego%22

Then you get a basic JSON reply and from there its game over, what IS interesting however is that if you look at the JSON you notice that it shows the user information as well:

"data": [
      {
         "id": "<ID>",
         "from": {
            "name": "<name>",
            "id": "<ID>"
         },
         "message": "I learned about this program in a security class
I took yesterday...It's amazing what you can find out there on the
internet. I suggest you keep your personal info as safe as
possible :)",
         "picture": "http://external.ak.fbcdn.net/safe_image.php?
d=35edd425da4428331e33664fc02a9544&w=90&h=90&url=
http%3A%2F%2Fwww.paterva.com%2Fweb5%2Fimg%2Fchicken.png",
         "link": "http://www.paterva.com/web5/",
         "name": "Maltego 3",
         "caption": "www.paterva.com",
         "icon": "http://static.ak.fbcdn.net/rsrc.php/zD/r/
aS8ecmYRys0.gif",
         "type": "link",
         "created_time": "2010-10-08T15:37:50+0000",
         "updated_time": "2010-10-08T16:21:50+0000"
      }

So now not only can you view what was said about term <x> on facebook, but you can ALSO see who said it, so why is this interesting for use with Maltego? Well imagine you had a few phrases you were searching for, resulting in say 255 ‘facebookObjects’ ( like the one above ) for each phrase. Well then using a spreadsheet or some other non graphical form would take forever, however with Maltego you would very quickly be able to identify people who are talking about all of your phrases.

Read more »