FACEBOOK Friend Request worm.

<?php

// CODED BY Metts / metts.blog.hu / da.metts@hotmail.com

// FACEBOOK Friend Request worm.

// A Kódért felelősséget nem vállalok!

set_time_limit(60);

$time = round(microtime(), 3);

function fb_login($login_email, $login_pass)

{

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://login.facebook.com/login.php?login_attempt=1');

curl_setopt($ch, CURLOPT_POSTFIELDS,'charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&locale=en_US&email='.urlencode($login_email).'&pass='.urlencode($login_pass).'&pass_placeholder=&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84');

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_HEADER, 0);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_COOKIEJAR, str_replace('\\','/',dirname(__FILE__)).'/fb_cookies.txt');

curl_setopt($ch, CURLOPT_COOKIEFILE, str_replace('\\','/',dirname(__FILE__)).'/fb_cookies.txt');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");

curl_exec($ch);

$err = 0;

$err = curl_errno($ch);

if ($err != 0){

curl_close($ch);

echo 'LOGIN: error='.$err."\n";

return(false);

}

else

{

echo " LOGIN: SUCESS<br/>";

echo " GET: http://m.facebook.com/findfriends.php ";

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_TIMEOUT, '3');

curl_setopt($ch, CURLOPT_COOKIEFILE, 'fb_cookies.txt');

curl_setopt($ch, CURLOPT_URL, 'http://m.facebook.com/findfriends.php');

$content = curl_exec($ch);

return $content;

}

}

function invite_friend($login_email,$login_pass,$f_id,$token)

{

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://login.facebook.com/login.php?login_attempt=1');

curl_setopt($ch, CURLOPT_POSTFIELDS,'charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&locale=en_US&email='.urlencode($login_email).'&pass='.urlencode($login_pass).'&pass_placeholder=&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84');

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_HEADER, 0);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_COOKIEJAR, str_replace('\\','/',dirname(__FILE__)).'/fb_cookies.txt');

curl_setopt($ch, CURLOPT_COOKIEFILE, str_replace('\\','/',dirname(__FILE__)).'/fb_cookies.txt');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");

curl_exec($ch);

$err = 0;

$err = curl_errno($ch);

if ($err != 0){

curl_close($ch);

echo 'LOGIN: error='.$err."\n";

return(false);

}

else

{

$infos = curl_getinfo($ch);

$_ID = iconv('ISO-8859-1','UTF-8',urlencode($f_id));

$_PL = iconv('ISO-8859-1','UTF-8',urlencode('/find-friends/index.php'));

$_TOKEN = iconv('ISO-8859-1','UTF-8',urlencode($token));

$_SURI = iconv('ISO-8859-1','UTF-8',urlencode('/findfriends.php?fr_id='.$_ID));

$_REFID = iconv('ISO-8859-1','UTF-8',urlencode('43'));

$_HF = iconv('ISO-8859-1','UTF-8',urlencode('friend_browser'));

echo "LOGIN: SUCESS<br/>

SEND REQUEST: <br/>

ID : ".$_ID." <br/>

TOKEN: ".$_TOKEN."<br/>

SURI : ".$_SURI."<br/>

PL : ".$_PL."<br/>

REFID: ".$_REFID."<br/>

HF : ".$_HF."<br/>";

echo 'URL: http://m.facebook.com/a/mobile/friends/add_friend.php?id='.$_ID.'&hf='.$_HF.'&pl='.$_PL.'&suri='.$_SURI.'&gfid='.$_TOKEN.'&refid='.$_REFID.'<br/>';

curl_setopt($ch, CURLOPT_URL,'http://m.facebook.com/a/mobile/friends/add_friend.php?id='.$_ID.'&hf='.$_HF.'&pl='.$_PL.'&suri='.$_SURI.'&gfid='.$_TOKEN.'&refid='.$_REFID.'');

curl_setopt($ch,CURLOPT_BINARYTRANSFER, true);

curl_setopt($ch, CURLOPT_HTTPHEADER, array(

'Host: m.facebook.com',

'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1',

'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',

'Accept-Language: hu-hu,hu;q=0.8,en-us;q=0.5,en;q=0.3',

'Accept-Charset: utf-8;q=0.7,*;q=0.7',

'Connection: keep-alive',

'Accept-Language: hu-hu,hu;q=0.8,en-us;q=0.5,en;q=0.3',

'Referer: https://m.facebook.com/findfriends.php'

));

curl_setopt($ch, CURLOPT_POST, 0);

curl_setopt($ch, CURLOPT_HEADER, 0);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch, CURLOPT_COOKIEFILE, 'fb_cookies.txt');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3");

$err = 0;

$err = curl_errno($ch);

if ($err != 0){

curl_close($ch);

echo 'LOGIN: error='.$err."\n";

}

else {

$c = curl_exec($ch);

$string = "You sent a friend request to ";

if(stristr(strip_tags($c), $string) === FALSE) {

echo("<b>ERROR: Can't sent a friend request</b>");

$fail--;

}

else

echo "<b>You sent a friend request to ".$_ID."</b>";

curl_close($ch);

}

}

}

echo "<h1>Facebook friend request worm - Coded by Metts</h1><br/>";

$login_email = 'e1730121222@rppkn.com'; //EMAIL

$login_pass = 'pw'; //PW

$pattern = '{<div\s+class="pymkName"\s*>((?:(?:(?!<div[^>]*>|</div>).)++|<div[^>]*>(?1)</div>)*)</div>}si';

$pattern_to_href = '#<a\s*(?:href=[\'"]([^\'"]+)[\'"])?\s*(?:title=[\'"]([^\'"]+)[\'"])?.*?>((?:(?!</a>).)*)</a>#i';

$pattern_to_hidden_form = '{<div\s+class="pymkAddButton"\s*>((?:(?:(?!<div[^>]*>|</div>).)++|<div[^>]*>(?1)</div>)*)</div>}si';

$pattern_to_hidden_input = "/input type=\"hidden\" name=\"gfid\" value=\".*?\"/i";

$data = fb_login($login_email,$login_pass);

$array = array();

$matchcount = preg_match_all($pattern, $data, $matches);

$matchcount2 = preg_match_all($pattern_to_hidden_form, $data, $matches_2);

$fail = $matchcount;

if ($matchcount > 0)

{

echo "<h3>Friends:</h3>";

echo("$matchcount matches found.<br/>");

for($i = 0; $i < $matchcount ; $i++)

{

echo("<br/><br/>Match #" . ($i + 1) . ":<br/>");

echo($matches[1][$i]);

preg_match_all("/<a.*?href\s*=\s*['\"](.*?)['\"]/", $matches[1][$i], $res[$i]);

echo " URL: ".$res[$i][1][0];

$id = preg_replace("/[^0-9]/", '',$res[$i][1][0]);

$id = substr($id, 0, (strlen($id)-2));

echo " ID : ".$id;

if(strlen($id) == 0) {

// http://m.facebook.com/xxx.yyyy?

print "<b>ERROR: He heavent not id!</b>";

$fail--;

}

else {

preg_match_all($pattern_to_hidden_input,$matches_2[1][$i],$out);

$gfid =str_replace("input type=\"hidden\" name=\"gfid\" value=\"", "", $out[0][0]);

$gfid =trim($gfid,'"');

$token[$i] = $gfid;

echo " TOKEN: ". $token[$i]."<br/><br/>";

//invite_friend($login_email,$login_pass,$id,$token[$i]);

}

}

}

else {

echo('No matches');

echo($data);

}

$time2 = round(microtime(), 3);

$generation = $time2 - $time;

print "<br/>

STAT: (".$matchcount."/".$fail.")<br/>

TIME : ".$generation."";

echo "<h1>WORM END</h1>";

// 22:10 kor inditottama botot.

// 10/8 at jelöl be a bot

// 1 perc alatt végez

// (8 * 3600) * 24 nap végére: 691200

?>