We wanted to find a way to hack Facebook and expose any possible security flaws they may have.

What it does

This app grabs data off of a Facebook user's profile and generates a list of possible gift ideas based on the user's basic information (such as school, major, and career) and Facebook likes.

How I built it

This app was built with RESTFUL API using Node.js on the back end and Javascript and XSS on the front end.

How it works

Parsing Data
Given the ability to grab basic profile data, we first parse the information into key value pairs.
The data is a nested object of object/array. In order for it to be easily manipulated, it is parsed into a key-value structure. To do so, a deep level recursive parsing is done at each level of the object.
The end result is a walk through the whole json object.

Formatting Data
To make gift selecting possible, we will use weights to measure the priority of each key value pair.
Currently, the priority level is determined at the developer's end but an extension of this can be made easily.
The key of the pair will be a set of nouns describing the friend.
The value of the pair will be the corresponding data inserted by the friend.
An example of a parsed key-value could be: { Student : Rutgers University }

Selecting Gifts
The priority of the keyword is what is being used when we query for gifts. In order to make the gifts more meaning and useful, we have decided to rely on amazon's product api to suggest the most popular items given our queried keywords. A set of items is returned and it's now up to the user to choose what to get his/her friend!

Challenges I ran into

XSS, CORS, Content Security Policy, Same Origin Policy.

Accomplishments that I'm proud of

Was able to send data out of Facebook

What I learned

How to inject code into any website

What's next for Perfect Gift

We're hoping to have Perfect Gift released as a Chrome Extension that everyone can have access to.

Built With

Share this project: