
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
github.com/stevenxie/fbmsgr
Reverse engineering Facebook Messenger.
This is a fork of unixpickle/fbmsgr
which contains a modified Session
struct with an exposed http.Client
, so
that its cookies may be read by other packages.
This is a wrapper around Facebook Messenger's internal AJAX protocol. This wrapper could be used for any number of cool things, such as:
- Tracking your friends' Messenger activity.
- Analyzing your conversations (e.g. keywords analysis)
- Automating "Away" messages
- Creating chat bots
Current status
Currently, the API is fairly reliable and can perform a bunch of basic functionalities. Here is a list of supported features (it may lag slightly behind the master branch):
- Send textual messages to people or groups
- Send attachments to people or groups
- Receive messages with or without attachments
- Send read receipts
- Receive events for incoming messages
- Receive events for friend "Last Active" updates
- Set chat text colors (to arbitrary RGB colors)
- List a user's threads.
- List messages in a thread.
- Send and receive typing events
- Delete messages
TODOs
- Support emojis in threads (i.e. the like button)
- In FullActionLog, remove all duplicates, incase two messages have the same timestamp.
- Emoji/sticker transmission
- Modifying chat preferences (emoji, nicknames, etc.)
- View pending message requests
- Create new group chats
License
This is under a BSD 2-clause license. See LICENSE.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.