
Mte90 / Fb Android Crash

How to crash the integrated browser in FB for Android? Let's open that URL!


Let's crash the integrated browser in Facebook

First of all, integrated in-app browsers suck.

It's easier for them to track what you read on the web more aggressively and that's not very good.

The Facebook integrated browser is one of the most used browsers on mobile, and it sucks.

Updates:

  • 21/03/2018 - 18:00 UTC: The problem is fixed in the latest version of Facebook for Android.

  • 22/07/2017 - 13:00 UTC: The problem exists in the latest version of Facebook for Android.

  • 14/03/2017 - 16:00 UTC: First of all, thanks to all the people who improved this README! This repo was shared on Reddit and on Hacker News and is getting a little bit of success.

For developers

Are there bugs you cannot test because there is no remote debugging support, and that do not happen in Chrome on Android, probably because the in-app browser uses a different version of something? As with Internet Explorer 6 (sorry to bring back the nightmares), we have no idea how it works or how to debug in it.

The only way is to create an HTML file for every test (download the page with wget -E -H -k -K -p yoururl), upload it to a server, create a private group, and share the URL of every version/test. That way we can avoid the caching of Facebook or the app (I have no idea how that works) and have a different version to test and see if Facebook for Android and its integrated browser work.

What the issue is

It seems that the lazy-loading feature for iframes in the WP Rocket plugin for WordPress crashes the browser.

The behavior is very simple: you open the link from Facebook for Android with the setting to use the external browser disabled, and while the page is loading the browser closes automatically with only an error: "Impossible to open the page".

Anything else, hasta lasagna! This is where my nightmare started.

Before discovering what the problematic feature was, I lost many hours testing in the past few months, but yesterday I decided to find out what the issue was once and for all.

The issue is that the src parameter in the iframe does not contain a URL, but a base64-encoded image.
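A way to check a saved test page for this pattern before sharing it, as an added example that is not code from the original repository. The function name audit_iframes, the sample HTML and the data-lazy-src attribute name are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not from the original repo): one lazy-loaded iframe
# whose src is a base64 image placeholder, and one ordinary iframe.
SAMPLE_HTML = """
<html><body>
<iframe src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
        data-lazy-src="https://example.com/embed/1"></iframe>
<iframe src="https://example.com/embed/2"></iframe>
</body></html>
"""

class IframeSrcAuditor(HTMLParser):
    """Collect iframes whose src is a data: URI instead of a URL."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        src = (attr.get("src") or "").strip()
        if not src.lower().startswith("data:"):
            return
        # data URI layout: data:[<mediatype>][;base64],<data>
        header = src[5:].split(",", 1)[0]
        parts = header.split(";")
        mime = parts[0].lower() or "text/plain"  # default when mediatype is omitted
        self.findings.append({
            "line": self.getpos()[0],
            "mime": mime,
            "base64": "base64" in [p.lower() for p in parts[1:]],
            "is_image": mime.startswith("image/"),
            # data-lazy-src is an assumed name for the lazy-load attribute
            "real_url": attr.get("data-lazy-src"),
        })

def audit_iframes(html):
    """Return one finding per iframe whose src is a data: URI."""
    auditor = IframeSrcAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_HTML):
        print(finding)
```

Feeding it the HTML files saved with the wget command above shows which test versions still carry an image placeholder in an iframe src.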

How to test it

Open this link from Facebook for Android (remember to disable the external browser) and click through to the crash page.

Version affected

As of today (22/07/2017), the latest version of Facebook for Android crashes, but I have worked on this issue over the last few months, so the bug also exists in older versions of the app.

The same issue doesn't happen with Facebook for iOS, because they use a different engine.

Conclusion

There was a time when web developers fought for a free open web that works in the right way (web standards) and was easy to document and debug, but the mobile world is the new battlefield for developers.

As a Mozillian, my suggestion is to fight that by using real browsers and raising awareness among our customers so they use the right browser and not a tiny toy in a black box.
