Mar 23, 2009

Let's get poking - (facebook poke with bash / perl)

facebook, bash, curl, poke..poking... that about covers it. This is neither elegant nor complete. Call it a "hack" if you will. Please keep in mind that facebook does not look favourably on browser side scripting so this is technically against their TOS. Having said that, unless you go all spammy on your friends, you should remain under the radar. As far as requests go, they'll think you're doing it manually..which is ok... (unless like I said you over do it..)

copy code below to new file
chmod it +x
the script take three args - email,password and UID of the person you wanna poke.
it will try to reuse any cookies left over from a previous session so if you have problems, delete the cookie file /tmp/email.fbcookie

have fun. don't spam!

update
This here is a new modified version running on Perl. working as of 26/03/2010
#!/usr/bin/perl
#---------------------------- #
# facebook poke script        #
# c2010 - KudaNai             #
# http://kudanai.blogspot.com #
# --------------------------- #
# use with caution.you may    #
# get banned for violation    #
# of facebook ToS.            #
# good luck.                  #
# --------------------------- #
use strict;
use WWW::Mechanize;
use HTTP::Cookies;

my $username = 'yourusername'; #change these values.
my $password = 'yourpassowrd';

die "invalid number of arguments" unless (scalar @ARGV)==1;

my $mech = WWW::Mechanize->new();$mech->cookie_jar(HTTP::Cookies->new());
$mech->get("http://www.facebook.com/login.php");
$mech->submit_form(
form_number => 1,
fields =>
{
email=>$username,
pass=>$password
}
);

$mech->content() =~ /post_form_id\"\svalue=\"(\w+)\"/;

foreach my $uid (@ARGV)
{
$mech->post("http://www.facebook.com/ajax/poke.php?__a=1",
{
uid=>$uid,
pokeback=>"1",
post_form_id=>$1,
post_form_id_source=>"AsyncRequest"
}
);
#print $mech->content();
}


and the old version for reference.

#!/bin/bash

email=$1
pass=$2
uid=$3

cookie="/tmp/${email}.fbcookie"


login()
{
echo "logging in..."
curl -L --silent -A "MOZILLA/5.0" -b ${cookie} -c ${cookie} \
-d "email=${email}" -d "pass=${pass}" -d "login=Log+In" \
http://m.facebook.com/login.php > /dev/null
}

poke()
{
gfid=`curl -L --silent -A "MOZILLA/5.0" -b ${cookie} -c ${cookie} \
"http://m.facebook.com/profile.php?id=${uid}" | \
awk '{FS="gfid=";RS="\">";if (NR!=1 && $2!~/^$/) {print $2}}'`


curl --silent -G -A "MOZILLA/5.0" -b ${cookie} -c ${cookie} \
-d "id=${uid}" -d "gfid=${gfid}" -d "poke=${uid}" -d "refid=17" \
"http://m.facebook.com/a/profile.php" > /dev/null
}

if [ ! -e "${cookie}" ];then login;fi
poke

12 Comments:

Anonymous said...

you should compile all these into a sort of "unofficial facebook API" or something... you know for things the official API doesn't allow? Like wall posts and pokes..

Anonymous said...

how did you poke all your friends?

SoE said...

I used the output from fbcmd friends command like this

fbcmd friends | cut -d" " -f1 | while read i;do ./poke USERNAME PASSWORD $i;done

Anonymous said...

i had a little trouble finding what this fbcmd was but thanks. that worked.

Anonymous said...

forgive me master for I have SPAMMED!

Grant said...

Am an asp.net user interested in what you have done, please provide a general guideline on how I can do it, it doesnt have to be code, but maybe if you coment what you doing the language you using etc I can follow.

Great stuff and thanx!

SoE said...

well it's simple really

1) login to facebook and save the cookies (this step may have changed with the new facebook)

2) visit the friends profile and grab the form variable called gfid

3) post a GET request to m.facebook.com/profile.php with the options gfid,uid,refid=17

i'm using the mobile page because it's faster and easier to parse.

SoE said...

updated 26/03/2010

DJ Charlie said...

Any way to get an updated version of this? When I try running it, I get:

There is no form numbered 1 at /home/control/util/fbpoke.pl line 23
No form defined at /home/control/util/fbpoke.pl line 23

darkscrypt said...

does this still work?

SoE said...

probably not

Anonymous said...

hi just a warning — a process's arguments are not private on most systems, so read a file or stdin for obtaining sensitive information like login credentials!

Post a Comment